Page 41 - CISSO_Prep_ Guide
cards (credit cards, debit cards, etc.). It is aligned with two other measures dealing with payment card security: the Payment Application Data Security Standard (PA-DSS) and the Payment Card Industry PIN Security Requirements. These standards are a requirement for organizations that handle credit cards. The level of compliance with this standard that an organization must demonstrate depends on the number of payment card transactions the organization handles per year.
Even though this standard is written explicitly for organizations that handle payment cards, the principles and practices it advocates can provide an excellent foundation for a security program in any organization, whether or not that organization handles payment cards.
The six main areas addressed in PCI DSS v3 are:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
COBIT: A Business Framework for the Governance and Management of Enterprise IT
ISACA's COBIT is another excellent tool that can be used to establish a comprehensive security program. The five core principles of COBIT 5 are:
1- Meeting Stakeholder Needs
2- Covering the Enterprise End-to-End