Title: Payment Card Industry PCI regulatory compliance: A Model for business service continuity for educati
1. Payment Card Industry (PCI) regulatory compliance: A Model for business service continuity for educational institutions, Chapter 1-3
- Veena Nagarajan
- TEPM 6391
- Technology Project Management Seminar
- Master's Project - TPMISS
- College Of Technology
- University of Houston
- November 26, 2007
2. Agenda
- What is PCI Regulatory Compliance?
- Why is this project important?
- PCI DSS
- Consequences of PCI DSS non-compliance
- Project methodology phases
- Sponsor Organization
- Proposed project plan
- Questions
3. What is PCI Regulatory Compliance?
- PCI Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment account data security. [1]
- PCI Compliance regulation is a process developed for organizations that carry out credit and debit card transactions. [3]
- Compliance is required of all merchants and service providers that store, process, or transmit cardholder data. [2]
4. Why is this Project important?
- Increase in high profile security breaches threat [5]
- According to Gartner, unauthorized credit card charges increased fourfold from 2005 to 2006. [5]
- Open source Internet [6]
- Protection of sensitive electronic data from criminals
- According to FTC (2006): 685,000 consumer fraud and ID complaints.
Figure 1.2 Consumer Fraud and Identity Theft Consumer Data, FTC (2006)
5. Why is this Project important?
Figure 2.2 Data breaches that could lead to identity theft by sector, Symantec (2007)
6. PCI DSS
7. Consequences of PCI DSS non-compliance
- Non-compliant organization penalized with huge fines if faced with security breach
- Organizations susceptible to legal action by the cardholder if data is lost
- Results in bad publicity and loss of business reputation
8. Consequences of PCI DSS non-compliance
9. Project methodology phases
- Secondary data collection.
- Content organization.
- Content analysis.
- Inductive reasoning.
- Assessment of academic institutions' PCI practices using the model.
- Primary data collection.
10. Sponsor organization
- UH's IT Service Continuity
- UH's IT Security
11. Proposed Project plan
12. Questions