Abstract
Organizations must increasingly demonstrate to their customers and to regulators that they protect the security, resilience, and privacy of their information, assets, and systems in line with best practice. Information security standards applicable to all organizations, such as the ISO/IEC 27000 series, and industry-specific standards, such as PCI DSS and the SWIFT Customer Security Controls Framework, were created for that reason. When an organization demonstrates compliance with such a standard, its customers can take it that the organization understands its risks, acts to mitigate them, has established a security baseline, and manages the residual risk on its systems. Compliance does not mean that the organization is free of risks or vulnerabilities, but a compliant organization generally has a better security posture than a non-compliant one.
Notes
- 5. Seaman, Jim. PCI DSS: An Integrated Data Security Standard Guide. Apress, 2020.
- 6. PCI SSC publishes an FAQ on what a merchant should do when cardholder data is received through an unintended channel: https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-should-a-merchant-do-if-cardholder-data-is-accidentally-received-via-an-unintended-channel All applicable PCI DSS requirements also apply to such card data once it is stored anywhere in your systems.
- 18. Based on the definition of “Strong Cryptography” in the PCI SSC Glossary; see www.pcisecuritystandards.org/pci_security/glossary#Strong%20Cryptography
- 34. Generic (shared) usernames should be avoided as per requirement 8.5. Some PAM tools, however, check such generic accounts out to individuals on the fly. This is transparent to the user, but the target system's event logs generally show only the generic username; it is the PAM tool that maps each checkout to the individual's own PAM account. Organizations using such a process must make sure they can still attribute every logged action to the actual user, for example by correlating target-system logs with the PAM checkout records.
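The correlation that the note calls for, as an added example (not code from the book or from any PAM product): target-system log lines that show only the shared account are joined against PAM checkout records to recover the individual. The PAM session fields, the log line layout and all records are constructed here for illustration. Two failure modes a practitioner must handle are covered: an event with no covering checkout (the shared credential was used outside the PAM process) and overlapping checkouts of the same shared account (the PAM records cannot name one person).

```python
"""Attribute actions logged under a shared (generic) account to the
individual who checked that account out of a PAM tool.

Added example, not from the book or any PAM product. The PAM session
records, the target-system log lines and their field layout are all
constructed here for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class PamSession:
    """One checkout of a shared account through the PAM tool (assumed fields)."""
    user: str              # the individual's own PAM identity
    shared_account: str    # the generic account that appears in target logs
    target: str
    start: datetime
    end: Optional[datetime]  # None: checkout still open


@dataclass(frozen=True)
class TargetEvent:
    """One line from the target system's audit log."""
    ts: datetime
    target: str
    account: str
    message: str


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed PAM checkout records. Carol's and Dave's checkouts of "admin"
# on fw01 overlap on purpose: a PAM tool should never allow that, and the
# correlation below flags it instead of guessing.
PAM_SESSIONS = [
    PamSession("alice", "root", "db01", ts("2024-03-01T09:00:00"), ts("2024-03-01T09:30:00")),
    PamSession("bob", "root", "db01", ts("2024-03-01T10:00:00"), None),
    PamSession("carol", "admin", "fw01", ts("2024-03-01T09:10:00"), ts("2024-03-01T09:20:00")),
    PamSession("dave", "admin", "fw01", ts("2024-03-01T09:15:00"), ts("2024-03-01T09:25:00")),
]

# Constructed target-system log lines: "<timestamp> <host> <account> <message>".
TARGET_LOG = """\
2024-03-01T09:05:12 db01 root sudo: useradd svc_report
2024-03-01T09:45:00 db01 root sshd: session opened
2024-03-01T10:15:00 db01 root bash: rm -rf /var/log/old
2024-03-01T09:18:00 fw01 admin config: rule add allow any any
2024-03-01T09:12:00 fw01 admin login: console
"""


def parse_target_log(text: str) -> list[TargetEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, account, message = line.split(" ", 3)
        events.append(TargetEvent(ts(stamp), host, account, message))
    return events


def attribute(event: TargetEvent, sessions: list[PamSession]) -> tuple[Optional[str], str]:
    """Map an event on a shared account to the individual whose PAM checkout
    covered it. Returns (user, status), where status is one of:
      attributed   - exactly one checkout covers the event
      unattributed - no checkout covers it: the shared credential was used
                     outside the PAM process (a requirement 8.5 finding)
      ambiguous    - several checkouts overlap; the PAM records cannot
                     identify the actual user
    """
    covering = [
        s for s in sessions
        if s.shared_account == event.account
        and s.target == event.target
        and s.start <= event.ts
        and (s.end is None or event.ts <= s.end)
    ]
    if len(covering) == 1:
        return covering[0].user, "attributed"
    if not covering:
        return None, "unattributed"
    return None, "ambiguous"


def attribute_all(events: list[TargetEvent], sessions: list[PamSession]) -> list[dict]:
    results = []
    for e in events:
        user, status = attribute(e, sessions)
        results.append({"ts": e.ts.isoformat(), "target": e.target, "account": e.account,
                        "user": user, "status": status, "message": e.message})
    return results


def findings(results: list[dict]) -> list[dict]:
    """Events the PAM records cannot tie to exactly one named individual."""
    return [r for r in results if r["status"] != "attributed"]


if __name__ == "__main__":
    for r in attribute_all(parse_target_log(TARGET_LOG), PAM_SESSIONS):
        who = r["user"] or "-"
        print(f'{r["ts"]} {r["target"]} {r["account"]:<6} -> {who:<6} [{r["status"]}] {r["message"]}')
```

Run against the constructed data, the first, third and fifth events are attributed to alice, bob and carol; the 09:45 root event on db01 has no covering checkout and the 09:18 admin event on fw01 falls inside two overlapping checkouts, so both end up in the findings list that an assessor would ask about.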
- 36. For service providers, it is also essential to detect failures of critical security controls in a timely manner and to respond to them. The controls in scope are firewalls, IDS/IPS, FIM, antivirus, physical access controls, logical access controls, audit logging mechanisms, and segmentation controls.
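One way to detect such failures from the controls' own logs, as an added example (not code from the book): every control is expected to report within a known interval, so a control that has gone quiet is treated as failed until proven otherwise, and an explicit "stopped" message is treated as a failure even if the control is not yet overdue. The control list, expected intervals, failure phrases, log line layout and evaluation time below are all constructed assumptions.

```python
"""Detect failures of critical security controls from their own logs.

Added example, not from the book. The controls, their expected reporting
intervals, the log lines and the evaluation time are constructed; the log
layout "<timestamp> <host> <control> <message>" is an assumption.
"""
from datetime import datetime, timedelta

# Expected maximum gap between events for each control (assumed values).
# A silent control looks identical to a dead one, so silence is a finding.
EXPECTED_INTERVAL = {
    "fw01/firewall": timedelta(minutes=5),
    "ids01/ids": timedelta(minutes=5),
    "db01/fim": timedelta(hours=1),
    "db01/antivirus": timedelta(hours=4),
    "db01/auditd": timedelta(minutes=15),
    "fw02/segmentation": timedelta(minutes=5),
}

# Phrases that mark an explicit failure report from a control (assumed).
FAILURE_MARKERS = ("stopped", "failed", "disabled")

# Constructed log lines; fw02/segmentation deliberately never appears.
LOG = """\
2024-03-01T08:00:00 fw01 firewall heartbeat ok
2024-03-01T08:05:00 fw01 firewall heartbeat ok
2024-03-01T08:10:00 fw01 firewall heartbeat ok
2024-03-01T07:30:00 ids01 ids heartbeat ok
2024-03-01T07:35:00 ids01 ids heartbeat ok
2024-03-01T07:00:00 db01 fim baseline scan completed
2024-03-01T06:00:00 db01 antivirus signatures updated
2024-03-01T07:45:00 db01 auditd heartbeat ok
2024-03-01T07:58:00 db01 auditd audit daemon stopped
"""

# Evaluation time (constructed).
NOW = datetime.fromisoformat("2024-03-01T08:12:00")


def parse_log(text: str) -> list[tuple[datetime, str, str]]:
    """Return (timestamp, "<host>/<control>", message) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, control, message = line.split(" ", 3)
        events.append((datetime.fromisoformat(stamp), f"{host}/{control}", message))
    return sorted(events)


def control_state(log_text: str, expected=EXPECTED_INTERVAL, now=NOW) -> list[dict]:
    """One finding per expected control: ok, failed, silent or never_reported."""
    last_seen: dict[str, datetime] = {}
    failure: dict[str, str] = {}
    for stamp, key, message in parse_log(log_text):
        last_seen[key] = stamp
        if any(m in message.lower() for m in FAILURE_MARKERS):
            failure[key] = f"{stamp.isoformat()} {message}"
        else:
            failure.pop(key, None)   # a later healthy event clears the failure
    findings = []
    for key, interval in sorted(expected.items()):
        if key in failure:
            findings.append({"control": key, "state": "failed", "detail": failure[key]})
        elif key not in last_seen:
            findings.append({"control": key, "state": "never_reported",
                             "detail": "no events at all in the log"})
        elif now - last_seen[key] > interval:
            overdue = now - last_seen[key] - interval
            findings.append({"control": key, "state": "silent",
                             "detail": f"last seen {last_seen[key].isoformat()}, overdue by {overdue}"})
        else:
            findings.append({"control": key, "state": "ok",
                             "detail": f"last seen {last_seen[key].isoformat()}"})
    return findings


def needs_response(findings: list[dict]) -> list[dict]:
    """Controls that require the documented response the requirement asks for."""
    return [f for f in findings if f["state"] != "ok"]


if __name__ == "__main__":
    for f in control_state(LOG):
        print(f'{f["control"]:<18} {f["state"]:<15} {f["detail"]}')
```

With the constructed data, the firewall and antivirus are within their intervals, auditd reports an explicit stop, the IDS and FIM have gone silent past their intervals, and the segmentation control never reported at all, so four of the six controls land in the list that needs a response.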
Copyright information
© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature
Cite this chapter
Viegas, V., Kuyucu, O. (2022). International Security Standards. In: IT Security Controls. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7799-7_2
DOI: https://doi.org/10.1007/978-1-4842-7799-7_2
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-7798-0
Online ISBN: 978-1-4842-7799-7
eBook Packages: Professional and Applied Computing; Apress Access Books; Professional and Applied Computing (R0)

