ISOL633 UOFTC Payment Card Industry Security Standards Council Paper

Posted by anirrax55 (ISOL633, University of the Cumberlands)

Description

In further analyzing PCI DSS, it will benefit us all to learn what other American laws or regulations might relate to, implicate, or otherwise find a nexus with PCI DSS. Here, the audience needs to understand, as you will, that PCI DSS does not operate in a vacuum. Rather, like most of what we’ll learn in ISOL 633, there are numerous laws, regulations, and other governing principles that interact with PCI DSS to form an overall governance model.


Explanation & Answer

Buddy, find the uploaded complete paper and PPT. Let me know if you need anything. Otherwise, goodbye for now.

COMPLEMENTARY LAWS AND PRINCIPLES OF PCI DSS

Complementary Laws and Principles of PCI DSS
Student’s Name
Institutional Affiliation

Complementary Laws and Principles of PCI DSS
Introduction
Payment Card Industry Security Standard (PCI DSS) is a set of guidelines and regulations that were formulated by four companies: MasterCard, Discover, Visa, and American Express to safeguard online sellers from a data breach by setting up processes and systems within their operations (Ataya, 2010). The regulations were formulated in 2004; however, they have evolved to keep up with technological advancement in business, which also poses data breach concerns. However, the regulations do not operate in isolation. Other government-set rules complement PCI DSS to ensure that it is more effective. To that end, this paper will look at some of the laws, regulations, and principles that interact to ensure that cardholder data is protected, as well as promoting the security of transactions in the process.
Cybersecurity laws
The growth of e-commerce and advancements in the field of information technology in the last two decades have presented various opportunities for cybercrime in the United States. According to Weng & Lu (2013), cybercrime has led to enormous losses for the US government and its citizens, with more focus on data breaches at financial institutions, Small Scale Enterprises (SMEs), healthcare systems, and other industries. Data breaches existed long before digitization; however, advanced digital platforms have catalyzed their spread, leading to substantial financial losses as well as increasing the cost of data breaches. The US witnessed the most significant data breach in history in 2016, with Yahoo being the notable victim; the data breach affected the information of around 1 billion users. Therefore, cybersecurity laws have helped reduce data loss. One of the regulations that aids in curbing data security breaches and is complementary to the goals of PCI DSS is the Cybersecurity Information Sharing Act (CISA) of 2015 (Heidenreich, 2015). The act aims at improving cybersecurity by providing a platform for sharing and cooperative consultation on security threats. The act facilitates the sharing of internet traffic information between private technology companies and the US government. Other cybersecurity laws complement CISA, which is evidence that the government is working to help prevent and minimize data breaches in collaboration with private entities. However, even with the various cybersecurity laws, cyber-attacks still occur because hackers are adaptive and use system vulnerabilities to get their way into systems. Therefore, more complementary approaches are needed.
Data protection laws
Half of the US population feels that their private data is less secure now than it was five years ago due to technological advancements (Chan & Hankel, 2019). In 2017, Uber tried to conceal a data breach which affected nearly fifty-seven million user accounts. In data protection legislation, the US government uses a ‘sectoral’ approach whereby there is no one umbrella legislation but a combination of legislative frameworks. Therefore, the government is not solely responsible for data protection, which gives room for private companies to formulate their own laws, principles, and technology for data protection. The approach also calls for individuals to control the dissemination of their data. An example of a regulation that is geared towards data protection is the Electronic Communications Privacy Act of 1986 (ECPA), which seeks to protect all forms of electronic communication while they are being drafted, transmitted, and stored on electronic devices (Bygrave, 2014).
ECPA has been amended several times to improve its effectiveness. ECPA comprises three titles, and for the PCI DSS discussion, the first two titles seem most applicable. Title I (Wiretap Act) prohibits the interception or procurement of other people’s oral, electronic, and wire communication. Title II (Stored Communications Act) protects service subscriber information such as their billing records and names (Ahmed & Hassan, 2019). Therefore, even with the lack of a common federal law for data protection, other regulations together form mechanisms for preventing data breaches, which contribute to and guide PCI DSS objectives.
PCI Governing Principles
During its formulation in 2004, the Payment Card Industry Security Standards Council formulated six key objectives and twelve requirements which obligated credit card companies, service providers, and merchants that transmit, store, and process cardholder data to follow them (Joerling, 2010). The purposes which are an umbrella of t...

