Napredna pretraga

Pregled bibliografske jedinice broj: 594207

Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard


Maček, Davor; Magdalenić, Ivan; Ivković, Nikola
Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard // Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012 / Hunjak, Tihomir ; Lovrenčić, Sandra ; Tomičić, Igor (ur.).
Varaždin: University of Zagreb, Faculty of organization and informatics, 2012. str. 305-311 (predavanje, međunarodna recenzija, cjeloviti rad (in extenso), znanstveni)


Naslov
Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard

Autori
Maček, Davor ; Magdalenić, Ivan ; Ivković, Nikola

Vrsta, podvrsta i kategorija rada
Radovi u zbornicima skupova, cjeloviti rad (in extenso), znanstveni

Izvornik
Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012 / Hunjak, Tihomir ; Lovrenčić, Sandra ; Tomičić, Igor - Varaždin : University of Zagreb, Faculty of organization and informatics, 2012, 305-311

Skup
Central European Conference on Information and Intelligent Systems

Mjesto i datum
Varaždin, Hrvatska, 19-21.09.2012

Vrsta sudjelovanja
Predavanje

Vrsta recenzije
Međunarodna recenzija

Ključne riječi
Risk assessment; information security; PCI DSS; compliance; AHP; OCTAVE; financial institution; bank

Sažetak
This paper describes methodology of finding potential risks of bank's noncompliance with Payment Card Industry Data Security Standard (PCI DSS) v2.0 mandatory security requirements. For different types of information assets or security requirements it is necessary to apply different methods of security risk assessment or different standards for specific environment. In this paper, PCI DSS security requirements are explained, Analytic Hierarchy Process (AHP) technique is used as a groundwork to decide which PCI requirements are the most critical and the OCTAVE method is used for formal risk assessment of the most significant PCI requirement in case the requirement is not satisfied. Both, AHP technique and OCTAVE method are applied to a real case scenario in the bank before conducting PCI auditing process.

Izvorni jezik
Engleski

Znanstvena područja
Elektrotehnika, Računarstvo, Informacijske i komunikacijske znanosti



POVEZANOST RADA


Projekt / tema
016-0161199-1715 - Informacijska infrastruktura i interoperabilnost (Neven Vrček, )
016-0361935-1728 - Semantičko modeliranje višeagentnih sustava (Mirko Maleković, )
036-0362027-1638 - Umrežena ekonomija (Zoran Skočir, )

Ustanove
Fakultet organizacije i informatike, Varaždin,
Fakultet elektrotehnike i računarstva, Zagreb