The Payment Card Industry Security Standards Council (PCI DSS) has suggested standards to address cases similar to the Target data breach discussed in this chapter’s AIS in the Business World; the Council’s Web site is www.pcisecuritystandards.org.

a. Point your web browser to the Council’s Web site. Access the “Payment Card Industry Data Security Standard Version 3.0,” published in November 2013. In consultation with your instructor, choose one of the 12 requirements discussed in the standard.

b. Explain how the requirement you selected, if violated, could lead to one type of computer crime identified in Carter’s taxonomy. For example, failure to “regularly test security systems and processes” (Requirement 11) could allow a computer criminal to hack the organization’s information system remotely (an example of instrumentality).

c. Relate the same requirement and the same category from Carter’s taxonomy to one or more of the business risks and threats discussed in the chapter. For example, a hacker could shut down the organization’s information system for a period of time (an example of service interruption and delays).

d. Considering all the three of the preceding items (requirement, Carter’s taxonomy element, business risk/threat), explain how strengthening one of CoBIT’s seven enablers could address the problem. For example, training all employees to recognize red flags for a hacked information system (people/skills/competencies) could lead to the organization becoming aware of a problem more quickly.

e. Using the control taxonomy , classify the control you indicated in (d). (Training employees is an example of administrative control.)