Yulianto, Semi and Soewito, Benfano and Lim, Charles (2016) Information Security Maturity Model a Best Practice Driven Approach to PCI DSS Compliance. Masters thesis, Swiss German University.
|
Text
Semi Yulianto 22013210 TOC.pdf Download (930kB) | Preview |
|
Text
Semi Yulianto 22013210 1.pdf Restricted to Registered users only Download (760kB) |
||
Text
Semi Yulianto 22013210 2.pdf Restricted to Registered users only Download (2MB) |
||
Text
Semi Yulianto 22013210 3.pdf Restricted to Registered users only Download (1MB) |
||
Text
Semi Yulianto 22013210 4.pdf Restricted to Registered users only Download (1MB) |
||
Text
Semi Yulianto 22013210 5.pdf Restricted to Registered users only Download (369kB) |
||
|
Text
Semi Yulianto 22013210 Ref.pdf Download (874kB) | Preview |
Abstract
This research study proposes a practical information security maturity model (ISMM), which utilizes the use of quantitative and qualitative analysis, enhancing the PCI DSS to ISO/IEC 27001 mapping, emphasizes on the PCI DSS (specific) to ISO/IEC 27001 (generic) mapping and focuses on improving the quality of people, process and technology. This research study presents a practical approach to effectively identify the key success factors and the most common gaps in the PCI DSS compliance requirements and encourage the organizations to proactively improve their information security state by selecting the best security countermeasures (controls) to protect their information assets from the emerging cyber-attacks. The ISMM presented in this research study is a best practice driven model intended to be used by organizations regardless of type and size. Extensive literature review were conducted and survey study approaches. Several ISMMs were selected, compared and analyzed. In order to validate the findings, three financial organizations in Indonesia were selected. The study was based on generic security controls adopted from the industry best practices by most of the organizations to protect their information asset. ISMM with four maturity level was proposed. The maturity level were: None, Initial, Basic and Capable. The research main contribution is that the proposed model would help the organizations to save the time and efforts and provided as a tool to measure the maturity level of their information security state and come up with the best strategy to fully comply with PCI DSS.
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | PCI; PCI DSS; ISO/IEC 27001; Compliance; Compliant; Maturity; model. |
Subjects: | T Technology > T Technology (General) > T58.5 Information technology T Technology > T Technology (General) > T58.6 Management information systems |
Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
Depositing User: | Atroridho Rizky |
Date Deposited: | 14 Jul 2020 06:47 |
Last Modified: | 14 Jul 2020 06:47 |
URI: | http://repository.sgu.ac.id/id/eprint/1150 |
Actions (login required)
View Item |