CyberSecurity comparing PCI DSS to ISO 27001

Published in: Business

This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, please contact Mark at 604-349-6557 or mesbernard@gmail.com.

This document compares the CyberSecurity framework ISO/IEC 27001 to PCI DSS. The PCI DSS framework specializes in protecting cardholder information. The following matrix compares the two frameworks at the control point level. Control points are designed to mitigate known risks. At a glance, the total control points in use are 210 and 222 respectively. On closer comparison, ISO/IEC 27001 is the more mature of the two. Acting like a true matrix, many of its control points do not apply to a single information risk area only, but work together like a CyberSecurity web of protection. The internationally accepted ISO/IEC 27001 represents only the minimum standard for an effective information security program; based on a formal risk assessment, it is possible to raise the level of security where that is justifiable.

What is completely missing from PCI DSS is the management system: the whole of the ISO/IEC 27001 management system in clauses 4 to 10, which makes up the 148 control points listed below.

  4. Context of the organization: 8
  5. Leadership: 19
  6. Planning: 39
  7. Support: 28
  8. Operation: 9
  9. Performance evaluation: 29
  10. Improvement: 16

  Control points: 148
