从以审计人员为中心到以体系结构为中心:PCI DSS的SDLC

Information Security Technical Report Pub Date : 2010-11-01 DOI:10.1016/j.istr.2011.02.003

Gunnar Peterson

{"title":"从以审计人员为中心到以体系结构为中心:PCI DSS的SDLC","authors":"Gunnar Peterson","doi":"10.1016/j.istr.2011.02.003","DOIUrl":null,"url":null,"abstract":"<div><p>This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"15 4","pages":"Pages 150-153"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.02.003","citationCount":"3","resultStr":"{\"title\":\"From auditor-centric to architecture-centric: SDLC for PCI DSS\",\"authors\":\"Gunnar Peterson\",\"doi\":\"10.1016/j.istr.2011.02.003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.</p></div>\",\"PeriodicalId\":100669,\"journal\":{\"name\":\"Information Security Technical Report\",\"volume\":\"15 4\",\"pages\":\"Pages 150-153\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1016/j.istr.2011.02.003\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Security Technical Report\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1363412711000148\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412711000148","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

本文研究了通过利用诸如PCI DSS之类的遵从性活动给安全性带来的执行关注来改进安全体系结构的方法，并将注意力集中在长期改进安全体系结构上。威胁建模填补了系统功能需求和审核员清单之间的空白，并用于催化焦点的变化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

From auditor-centric to architecture-centric: SDLC for PCI DSS

This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Security Technical Report

自引率

0.00%

发文量