Home // SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies // View article
Authors:
Hassan El Alloussi
Laila Fetjah
Abdelhak Chaichaa
Keywords: Cloud Computing; PCI-DSS; Card Industry; PCI-SSC; Cloud Computing Alliance (CSA); Cloud Controls Matrix (CCM)
Abstract:
The Payment Card Industry Data Security Standard (PCI-DSS) is a standard that aims to harmonize and strengthen the protection of Card Data in the whole lifecycle. Since its introduction, it has always been an efficient tool for controlling Card data on a platform deployed internally. In addition, it has been proved that this standard is among the best one for gauging data security, because it dictates a series of scrupulous controls and how they could be implemented. However, with the coming of the Cloud, the strategies have changed and the issues in protecting Card data become more complex. In this paper, we continue our previous work by developing a checklist that will be a reference for the Cloud tenant to control the security of Card data and information on the Cloud Computing. In the next steps, we will focus on evaluating this checklist on a real Cloud environment. Afterward, we work on recommending more requirements and controls that the norm PCI-DSS could adopt to be more efficient on Cloud and later we will develop a new Self-Assessment Questionnaire as a reference for Qualified Security Assessors (QSA) to check on the environment.
Pages: 98 to 104
Copyright: Copyright (c) IARIA, 2015
Publication date: August 23, 2015
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-427-5
Location: Venice, Italy
Dates: from August 23, 2015 to August 28, 2015