SECURITY OF PAYMENT TRANSACTIONS: OVERVIEW AND CHARACTERISTICS OF KEY CHANGES IN THE NEW EDITION OF THE PCI DSS STANDARD

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.23.145155

Keywords:

cybersecurity framework; cybercrime; information security management system; critical infrastructure; cardholder data; PCI DSS.

Abstract

This article studies the current state of cyber threats worldwide and identifies key areas for ensuring the security of organizations in accordance with the latest cybersecurity practices. It highlights the importance of constantly updating and improving cybersecurity strategies in line with the latest trends and requirements of today’s digital environment. The main cybersecurity challenges faced by organizations are investigated, and effective approaches to resolving them are proposed. This approach not only allows organizations to adapt to the constantly changing landscape of cyber threats but also increases the level of protection and reduces risks for organizational systems. The article emphasizes the importance of implementing and using cybersecurity frameworks as an effective tool for ensuring the stability and reliability of systems’ security. Such frameworks allow organizations to create a systematic approach to information security management that takes into account modern requirements and industry best practices. This approach helps to ensure the completeness of security measures, which is essential for successfully combating cyber threats in today’s digital environment. The article focuses on the importance of protecting cardholder data and complying with the PCI DSS standard. Storing and processing such data requires a high level of security, as unauthorized leakage or a breach of its integrity can lead to serious financial losses for organizations and a loss of user trust. The PCI DSS standard establishes requirements for protecting payment information, including defining controls and procedures to prevent unauthorized access to cardholder data. The updated version of the standard, PCI DSS v4.0, is an important step toward improving security measures and countering modern cyber threats in this area. A detailed analysis of it will allow organizations to maintain compliance with the new requirements and keep cardholder data secure at a high level.

Published

2024-03-28

How to Cite

Kurii, Y., & Opirskyy, I. (2024). SECURITY OF PAYMENT TRANSACTIONS: OVERVIEW AND CHARACTERISTICS OF KEY CHANGES IN THE NEW EDITION OF THE PCI DSS STANDARD. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(23), 145–155. https://doi.org/10.28925/2663-4023.2024.23.145155
