The public sector and private sector companies are expected to comply with many laws and regulations as well as industry requirements to promote information security. Assessments and audits of the IT environment help to ensure a company is in compliance. A successful information security professional must be able to assess a businesss needs, evaluate various standards and frameworks, and develop a customized, integrated internal control system that addresses the companys compliance responsibilities. Furthermore, the professional must be able to communicate with various peopleboth inside and outside the organizationto facilitate awareness of how control activities mitigate weaknesses or potential losses that could compromise the companys information security.

S&H Aquariums is a new online retailer that is about to begin selling aquariums and other items for aquarium hobbyists and businesses. You are an information systems and security expert hired by S&H Aquariums to lead a team that will assess processes and procedures within the company, as well as provide plans and guidance to help the company meet compliance requirements.

1. Explain the purpose of Payment Card Industry Data Security Standard (PCI DSS)
2. Analyze business factors that influence PCI DSS compliance
3. Describe potential consequences of failing to demonstrate PCI DSS compliance
4. Apply standards and frameworks to the development of information security internal control systems
5. Analyze the use of information security controls within IT infrastructure domains