Applying principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations as well as industry requirements
Purpose
This project provides an opportunity for you to apply principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations, as well as industry requirements.
Learning Objectives and Outcomes
You will be able to:
- Explain the purpose of PCI DSS
- Analyze business factors that influence PCI DSS compliance
- Describe potential consequences of failing to demonstrate PCI DSS compliance
- Apply standards and frameworks to the development of information security internal control systems
- Analyze the use of information security controls within IT infrastructure domains
Introduction
Public and private sector companies are expected to comply with many laws and regulations as well as industry requirements to promote information security. Assessments and audits of the information technology (IT) environment help to ensure a company is in compliance. A successful information security professional must be able to assess a business’s needs, evaluate various standards and frameworks, and develop a customized, integrated internal control system that addresses the company’s compliance responsibilities. Furthermore, the professional must be able to communicate with various people—both inside and outside the organization—to facilitate awareness of how control activities mitigate weaknesses or potential losses that could compromise the company’s information security.
Deliverables
The project is divided into three parts.
- Project Part 1: PCI DSS Compliance Requirements
- Project Part 2: Design of an Integrated Internal Control System
- Project Part 3: Compliance Within IT Infrastructure Domains
- Write a one-page executive letter summarizing the whole project