There are several compliance frameworks these days that organizations have to implement for different reasons. I still see many organizations that struggle with all these frameworks. Each framework usually has an impressive set of objectives and controls. Does an organization have to process credit card information?
PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. The acronym stands for Payment Card Industry Data Security Standard; the standard is governed by the PCI Security Standards Council (PCI SSC), which was founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa.
In August 2014, I published a post about my experience with the CISA exam and the required experience. Even 3 years later, it is still the most popular post here and not so long ago, I was always seeing more requests after the exam dates.
Update: I published a new post with the most frequently asked questions on this post. Back in the summer of 2013, I was interested in passing the CISA exam even if I could not obtain the certification without experience. This was a way for me to demonstrate my interest in IT audit to future potential employers.