Abstract [eng]
With the rapid growth in the number of electronic payments and the increasing threats to information security, protecting payment card data has become a key priority for organizations. The Payment Card Industry Data Security Standard (PCI DSS) is a widely recognized international information security standard with which all organizations that process, store, or transmit cardholder data must comply. Many organizations face challenges in implementing PCI DSS requirements, ranging from insufficient compliance monitoring to ineffective risk management. This paper presents a method for assessing a company's PCI DSS compliance based on the TOPSIS method. The large volume of electronic payments and the growing number of cyber threats make it increasingly important to ensure not only formal but also actual compliance with PCI DSS requirements. In practice, organizations often lack a structured, quantitative method that would allow an objective assessment of the level of compliance and the identification of priority areas for improvement. The aim of this work is to accelerate the assessment of a company's PCI DSS compliance by enabling a systematic assessment of the organization's security status against the 12 PCI DSS requirements and their assessment criteria. The method integrates assessments of the company's current level, its desired security goals, and its priorities; these inputs are used to calculate dynamic criteria weights and to determine the overall level of compliance. The assessment identifies the weakest areas of security, determines the gap from the ideal level of compliance, and compares improvement solutions. The TOPSIS method is also used to evaluate software and hardware suppliers, indicating the optimal solution to select according to the company's strategic priorities.
The synthesized results of the study show that TOPSIS is a suitable and practical tool for assessing PCI DSS compliance, enabling objective, data-driven decisions and targeted planning to improve the organization's compliance with the PCI DSS standard.
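As an added illustration (not the paper's own code or data), the following Python sketch implements the assessment pipeline the abstract describes: dynamic criteria weights derived from the current level, the target level and the priority of each of the 12 PCI DSS requirements, an overall compliance level expressed as distance from the ideal, the weakest requirements, and a TOPSIS ranking of candidate suppliers. The maturity scores, the weighting rule (priority times open gap) and the vendor scores are all constructed assumptions.

```python
import math

# Constructed sample data (assumed, not from the paper): maturity 0-5 of the
# assessed company on PCI DSS requirements 1..12, its target level, and the
# business priority (1-3) assigned to each requirement.
CURRENT = [4, 3, 2, 4, 3, 2, 3, 2, 4, 2, 3, 3]
TARGET = [5, 5, 5, 5, 4, 4, 4, 5, 4, 4, 4, 5]
PRIORITY = [3, 2, 3, 2, 1, 2, 2, 3, 1, 3, 2, 2]
# Constructed vendor offerings scored 1-5 on how well they cover each requirement.
VENDORS = {
    "A": [5, 4, 3, 4, 3, 4, 3, 3, 4, 4, 3, 3],
    "B": [3, 3, 5, 3, 3, 3, 4, 5, 3, 5, 3, 4],
    "C": [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4],
}

def dynamic_weights(current, target, priority):
    """Assumed rule: a requirement weighs more when its priority is higher and its gap to target is larger."""
    raw = [p * (1 + max(t - c, 0)) for c, t, p in zip(current, target, priority)]
    total = sum(raw)
    return [r / total for r in raw]

def compliance_level(current, target, weights, scale=5):
    """1 minus the weighted Euclidean gap to the target; scores live on a 0..scale axis."""
    gap = math.sqrt(sum(w * ((t - c) / scale) ** 2 for c, t, w in zip(current, target, weights)))
    return 1.0 - gap

def weakest_areas(current, target, priority, k=3):
    """Requirement numbers (1-based) with the largest priority-weighted open gap."""
    score = [p * max(t - c, 0) for c, t, p in zip(current, target, priority)]
    return [i + 1 for i in sorted(range(len(score)), key=lambda i: -score[i])[:k]]

def topsis(matrix, weights):
    """Closeness coefficient of each alternative (row); all criteria are treated as benefit criteria."""
    cols = list(zip(*matrix))
    norms = [math.sqrt(sum(x * x for x in col)) or 1.0 for col in cols]  # vector normalisation
    v = [[x / n * w for x, n, w in zip(row, norms, weights)] for row in matrix]
    ideal = [max(col) for col in zip(*v)]   # positive ideal solution
    anti = [min(col) for col in zip(*v)]    # negative ideal solution
    out = []
    for row in v:
        d_pos, d_neg = math.dist(row, ideal), math.dist(row, anti)
        out.append(d_neg / (d_pos + d_neg) if d_pos + d_neg else 1.0)
    return out

def rank_vendors(vendors, weights):
    """Vendors sorted best-first by TOPSIS closeness under the given criteria weights."""
    names = list(vendors)
    closeness = topsis([vendors[n] for n in names], weights)
    return sorted(zip(names, closeness), key=lambda p: -p[1])

if __name__ == "__main__":
    w = dynamic_weights(CURRENT, TARGET, PRIORITY)
    print("compliance level:", round(compliance_level(CURRENT, TARGET, w), 3))
    print("weakest requirements:", weakest_areas(CURRENT, TARGET, PRIORITY))
    for name, c in rank_vendors(VENDORS, w):
        print(f"vendor {name}: closeness {c:.3f}")
```

Because the weights follow the open gaps, the vendor ranking shifts toward offerings that cover the requirements the company is currently furthest from meeting.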