
S&H Aquariums' board of directors reviewed the report you submitted on PCI DSS compliance (in Project Part 1), and they were grateful for the background and analysis you provided

Computer Science

S&H Aquariums' board of directors reviewed the report you submitted on PCI DSS compliance (in Project Part 1), and they were grateful for the background and analysis you provided. After discussing the information, they realized that PCI DSS compliance is but one aspect of the overarching information security system needed to launch and sustain the new business.

 

The board would like to understand the bigger picture of how you will develop the control system needed to protect credit card data and document compliance with the PCI DSS requirements. You know this will be a rather complex process. You are planning to use a combination of frameworks and standards to guide the development of the control system. Furthermore, you are making it a priority to design an integrated system so the company can efficiently prepare for multiple types of audits, not just those related to PCI DSS compliance.

 

After explaining to the board that, realistically, you and your team will need much more time to research, discuss, plan, and implement the company's control system, you agree to provide a report that highlights some of the key principles and procedures involved in this undertaking.

 

Review information about the following frameworks or standards introduced in the textbook: COSO, COBIT, SOC, ISO, and NIST. Consider how you may use some or all of these frameworks/standards to guide the creation of an internal control system at S&H Aquariums. Note the similarities or overlaps among each set of frameworks/standards, as well as the differences.

 

1. Introduction

2. Plan for Developing an Integrated Internal Control System

      Explain how and why you will use multiple frameworks and standards to guide your development of this control system.

      Explain how you will ensure the control system can be used to demonstrate PCI DSS and other forms of compliance.

3. Conclusion
