{"title":"From auditor-centric to architecture-centric: SDLC for PCI DSS","authors":"Gunnar Peterson","doi":"10.1016/j.istr.2011.02.003","DOIUrl":null,"url":null,"abstract":"<div><p>This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"15 4","pages":"Pages 150-153"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.02.003","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412711000148","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.