Purpose
This project provides an opportunity for you to apply principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations, as well as industry requirements.
Required Source Information and Tools
To complete the project, you will need the following:
- Course textbook
- Access to the Internet to perform research for the project
- PCI Security Standards Council: https://www.pcisecuritystandards.org
- Important PCI Compliance Information for Merchants: https://www.bigcommerce.com/blog/pci-compliance/#weve-successfully-achieved-pci-compliance-whats-next
- COSO Internal Control—Integrated Framework Executive Summary (2013): https://www.sechistorical.org/collection/papers/2010/2013_0501_COSOInternal.pdf
- COSO Internal Control—Integrated Framework PowerPoint (2013): https://assets.kpmg.com/content/dam/kpmg/th/pdf/2016/08/ac-forum-21-coso-2013-presentation-slide-final.pdf
- COSO Internal Control—Integrated Framework (2013) whitepaper: https://assets.kpmg/content/dam/kpmg/pdf/2016/05/2750-New-COSO-2013-Framework-WHITEPAPER-V4.pdf
Learning Objectives and Outcomes
You will be able to:
- Explain the purpose of PCI DSS
- Analyze business factors that influence PCI DSS compliance
- Describe potential consequences of failing to demonstrate PCI DSS compliance
- Apply standards and frameworks to the development of information security internal control systems
- Analyze the use of information security controls within IT infrastructure domains
The rest of the instructions and assignment requirements are provided in the screenshots below.