
Bibliographic record number: 594207

Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard


Maček, Davor; Magdalenić, Ivan; Ivković, Nikola
Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard // Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012 / Hunjak, Tihomir ; Lovrenčić, Sandra ; Tomičić, Igor (eds.).
Varaždin: Fakultet organizacije i informatike Sveučilišta u Zagrebu, 2012. pp. 305-311 (lecture, international peer review, full paper (in extenso), scientific)


CROSBI ID: 594207

Title
Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard

Authors
Maček, Davor ; Magdalenić, Ivan ; Ivković, Nikola

Type, subtype and category of work
Papers in conference proceedings, full paper (in extenso), scientific

Source
Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012 / Hunjak, Tihomir ; Lovrenčić, Sandra ; Tomičić, Igor - Varaždin : Fakultet organizacije i informatike Sveučilišta u Zagrebu, 2012, 305-311

Conference
Central European Conference on Information and Intelligent Systems

Place and date
Varaždin, Croatia, 19.09.2012. - 21.09.2012

Type of participation
Lecture

Type of review
International peer review

Keywords
Risk assessment; information security; PCI DSS; compliance; AHP; OCTAVE; financial institution; bank

Abstract
This paper describes a methodology for finding potential risks of a bank's noncompliance with the mandatory security requirements of the Payment Card Industry Data Security Standard (PCI DSS) v2.0. For different types of information assets or security requirements, it is necessary to apply different methods of security risk assessment or different standards for the specific environment. In this paper, the PCI DSS security requirements are explained, the Analytic Hierarchy Process (AHP) technique is used as groundwork to decide which PCI requirements are the most critical, and the OCTAVE method is used for a formal risk assessment of the most significant PCI requirement in case the requirement is not satisfied. Both the AHP technique and the OCTAVE method are applied to a real case scenario in the bank before conducting the PCI auditing process.

Original language
English

Scientific fields
Electrical engineering, Computing, Information and communication sciences



ASSOCIATED WITH THIS WORK


Projects:
016-0161199-1715 - Informacijska infrastruktura i interoperabilnost (Vrček, Neven, MZOS) (CroRIS)
016-0361935-1728 - Semantičko modeliranje višeagentnih sustava (Maleković, Mirko, MZOS) (CroRIS)
036-0362027-1638 - Umrežena ekonomija (Skočir, Zoran, MZO) (CroRIS)

Institutions:
Fakultet organizacije i informatike, Varaždin,
Fakultet elektrotehnike i računarstva, Zagreb

Profiles:

Davor Maček (author)

Nikola Ivković (author)

Ivan Magdalenić (author)


Cite this publication:

Maček, Davor; Magdalenić, Ivan; Ivković, Nikola
Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard // Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012 / Hunjak, Tihomir ; Lovrenčić, Sandra ; Tomičić, Igor (eds.).
Varaždin: Fakultet organizacije i informatike Sveučilišta u Zagrebu, 2012. pp. 305-311 (lecture, international peer review, full paper (in extenso), scientific)
Maček, D., Magdalenić, I. & Ivković, N. (2012) Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard. In: Hunjak, T., Lovrenčić, S. & Tomičić, I. (eds.) Central European Conference on Information and Intelligent Systems, CECIIS, 23rd International Conference 2012.
@article{article, author = {Ma\v{c}ek, Davor and Magdaleni\'{c}, Ivan and Ivkovi\'{c}, Nikola}, year = {2012}, pages = {305-311}, keywords = {Risk assessment, information security, PCI DSS, compliance, AHP, OCTAVE, financial institution, bank}, title = {Risk Assessment of the Bank's Noncompliance with Payment Card Industry Data Security Standard}, keyword = {Risk assessment, information security, PCI DSS, compliance, AHP, OCTAVE, financial institution, bank}, publisher = {Fakultet organizacije i informatike Sveu\v{c}ili\v{s}ta u Zagrebu}, publisherplace = {Vara\v{z}din, Hrvatska} }



