izpis_h1_title_alt

Preplet standardov varovanja informacij pri procesiranju plačilnega prometa
ID BANJAC, VITOMIR (Author), ID Krisper, Marjan (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (2,51 MB)
MD5: E3EC404347223AE68822C5D7A2194715
PID: 20.500.12556/rul/05885acc-f015-4d22-a98c-8191a71c95bb

Abstract
Varovanje informacij je pomembna dejavnost mnogim združbam, še posebej če deluje v okolju z občutljivimi podatki. Za lažjo implementacijo varovanja informacij je na voljo mnogo standardov, ogrodij in dobrih praks, po katerih se združbe lahko ali pa se morajo ravnati. Ti standardi so si v svojih zahtevah lahko različni, nekatere zahteve in poglavja pa so si lahko podobna. Proučeno je teoretično ozadje informacijske varnosti v procesiranju plačilnega prometa, izbrani in proučeni so standardi in ogrodja, ki nudijo pomoč pri varovanju informacij. Predstavljena je implementacija standarda PCI DSS in ISO/IEC 20000 z uporabo ITIL za primer podjetja v dejavnosti procesiranja plačilnega prometa. Implementacija je predstavljena tudi na primerih tveganj in ranljivosti, modeliranih v jeziku ArchiMate. Glavni cilj magistrskega dela je preveriti, kako bi lahko podjetje s kar najmanj stroški in porabe različnih virov udejanjilo še standard ISO/IEC 27001 na podlagi tega, kar je na voljo iz zahtev standardov PCI DSS in ITIL. Narejen je pregled, primerjava in preslikava zahtev med omenjenimi standardi. Podana je tudi zamisel modela implementacije ISO/IEC 27001 z integracijo PCI DSS in ITIL, s katerim lahko podjetje zmanjšanja stroške in preprosteje udejanji vpeljavo novega standarda ter zmanjša nivo tveganj. V zaključku so oblikovani končni sklepi in ugotovitve ter predlogi za nadaljnje delo. V magistrskem delu je uporabljeno znanje, pridobljeno pri podiplomskem magistrskem študiju Informacijski sistemi in odločanje na Fakulteti za računalništvo in informatiko ter znanje in izkušnje, pridobljene pri delu na področju razvoja programske opreme, predvsem spletnih aplikacij in spletnih storitev, ter implementaciji varnostnih standardov v združbo, ki je obravnavano v magistrskem delu. Znanje se poleg omenjenega črpa predvsem iz tujih in domačih znanstvenih, strokovnih člankov, prispevkov na konferencah, standardov in ogrodij.

Language:Slovenian
Keywords:informacijska varnost, standard, PCI DSS, ITIL, ISO/IEC 27001, integracija
Work type:Master's thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2016
PID:20.500.12556/RUL-83712 This link opens in a new window
Publication date in RUL:23.06.2016
Views:1735
Downloads:653
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Information security standards in payment card industry
Abstract:
Data security is an important activity in many companies, especially if they operate in an environment with sensitive data. To facilitate the implementation of data security measures, a variety of standards, frameworks and best practices are available as a guidelines according to which a company can or must act. These standards can be different in their requirements, while some of their requirements and chapters can be similar. This work examines theoretical background of information security in the processing of payments, while selected standards and frameworks that help to safeguard information are also analysed. The case of implementation of the standard PCI DSS and ISO/IEC 20000 using ITIL in companies in the business of processing payment transactions is presented. Additionally, implementation in cases of risk and vulnerability, modelled in the ArchiMate language, is also demonstrated. The main aim of the master thesis is to examine how the company could at minimum cost and use of various sources implement standard ISO/IEC 27001 on the basis of what is already available from the standards PCI DSS and ITIL. For this purpose, the master thesis reviews, compares and conducts mapping of various requirements between those standards. On this basis, the concept of the implementation model of ISO / IEC 27001 with the integration of the PCI DSS and ITIL is developed. Through this model, companies could lower their costs and more easily implement the new standard as well as reduce the level of risk. The conclusion of the thesis offers overview of the findings and suggestions for further work. In this master thesis knowledge acquired in postgraduate study of Information Systems and decision-making at the Faculty of Engineering and Computer Science is used. Moreover, this thesis makes use of the knowledge and experience gained from my work in the field of software development, in particular web applications and web services, as well as the implementation of safety standards in the network which is discussed in this thesis. In addition to this, domestic and foreign scientific, technical articles, conference contributions, standards and frameworks are used as a relevant knowledge sources.

Keywords:information security, standard, PCI DSS, ITIL, ISO/IEC 27001, integration

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back