Study case Remote Access for PCI DSS Compliance at Company in Jakarta

2016 ◽  
Vol 3 (2) ◽  
pp. 35-41
Author(s):  
Rony Andry Anthony Sihotang

Electronic transactions in Indonesia have grown tremendously since Bank Indonesia started the government's Non-Cash National Movement (GNNT) program in 2014. It is expected that the use of cash will be replaced by electronic (cashless) transactions using ATM cards, debit cards, credit cards, and electronic cards. Electronic transactions must be reliable and secure; this is what drove 5 international payment networks such as American Express, Discover, JCB, Mastercard and Visa to create a data security standard to secure cardholder data, PCI DSS (Payment Card Industry Data Security Standard). PCI DSS has continually evolved to keep cardholder data secure in transactions, and PCI DSS version 3.2 was released in April 2016. Employees need to connect to internal private networks or the corporation's network over the Internet from home or from public areas such as hotels, airports, cafes, malls, etc. Security becomes a major consideration when the internal or corporate network is accessed from an insecure network. This case study covers one company with its head office located in Jakarta, Indonesia, and its development team located in Seoul, South Korea. It also looks at the connection between convenience and security when implementing remote access in accordance with PCI DSS requirements.

2021 ◽  
Vol 15 (2) ◽  
pp. 91-104
Author(s):  
Khairur Razikin ◽  
Agus Widodo

The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation means many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are the agencies that provide operational permits for companies, and they make Payment Card Industry-Data Security Standard (PCI-DSS) certification one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. The research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain PCI-DSS certification, to produce practical cybersecurity measures that, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool for the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667, at maturity level 4, namely quantitatively managed, approaching level 5, the highest maturity level.


2020 ◽  
Vol 4 (4) ◽  
pp. 225
Author(s):  
Diah Sulistyowati ◽  
Fitri Handayani ◽  
Yohan Suryanto

Data or information security in today's digital era is crucial and needs attention in every organization. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in fields that deal with information and communication technology (ICT). To make this happen, an organization requires a security standard that is appropriate to its needs, to help it know the maturity level of its cybersecurity in protecting its information. The ABC organization is one of the Government agencies that manage the critical infrastructure and digital economy of Indonesia. The organization has currently implemented several international security standards through its planning, implementation, and evaluation documents and its ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis has been carried out of the NIST, ISO 27002, COBIT, and PCI DSS security standards, which are the ABC organization's security standards for managing ICT according to its assigned tasks and functions. Furthermore, the analysis result is used as material for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be an asset in measuring ICT management performance in the ABC organization.


2018 ◽  
pp. 1093-1124
Author(s):  
Amrita Nanda ◽  
Priyal Popat ◽  
Deepak Vimalkumar

The PCI Data Security Standard is increasingly becoming one of the major compliance requirements all organizations are concerned about. This chapter, taking a holistic approach, provides an overview of the various components of PCI DSS. We discuss the various versions of PCI DSS and the industries affected by this standard, the scope and requirements to comply, and the hesitation on the part of most companies to adopt it. We also look at the high-profile credit card breaches which have occurred recently and their impact on the industries concerned. Additionally, we focus on the challenges faced by financial institutions in effectively meeting PCI DSS requirements. Based on our analysis of the different requirements of PCI DSS, the challenges faced by organizations, and recent security breaches of companies which were PCI DSS compliant at the time of breach, we propose recommendations to help organizations secure their cardholder data beyond the compliance already achieved.


2020 ◽  
Author(s):  
Venkatesh U ◽  
Aravind Gandhi P

Telemedicine is where health care intersects with Information Technology. In India, there have been no statutory regulations or official guidelines specific to Telemedicine practice and allied matters so far. For the first time, the Government of India released Telemedicine Practice Guidelines for Registered Medical Practitioners on March 25, 2020, amid the COVID-19 outbreak. Through this paper, we would like to initiate the discussion on the features of the guidelines, their limitations, and their significance in times of the COVID-19 pandemic. The guidelines have a restricted scope of providing medical consultation to patients, excluding other aspects of Telemedicine such as research and evaluation, and the continuing education of health-care workers. The guidelines elaborate on the eligibility for practicing Telemedicine in India and the modes and types of Teleconsultation, delve into the doctor-patient relationship, consent, and management protocols, and touch upon the data security and privacy aspects of Teleconsultation. Since the release of the guidelines, Telescreening of the public for COVID-19 symptoms has been advocated by the Government of India. The COVID-19 National Teleconsultation Centre (CoNTeC) has been initiated, which connects doctors across India to AIIMS in real time for accessing expert guidance on treatment of COVID-19 patients.

