All three frameworks have their own respective policies and goals, which help businesses better secure their own data, customer data, and other sensitive information. The PCI DSS framework deals with financial information such as credit cards and how to protect customers' credit card information. Companies that accept credit payments can use this framework to ensure secure online and in-store exchanges. The main PCI DSS controls are maintaining a secure network, protecting cardholder data, and monitoring and testing. FISMA is a framework enacted by the government and used by different federal agencies to secure their data. COBIT is an overall framework that has a variety of uses, but it was created by ISACA for information technology and management. It ensures that IT processes are optimal and that businesses' IT departments follow the industry's best practices and objectives.

Online shopping as an industry is a good example of the need for the PCI DSS. As online shopping becomes more and more prominent, so does the number of services that are used to exchange credit card information for payments. PayPal was a major company using credit cards and account transfers for shopping, but many websites are using smaller third-party systems and other companies to process their credit card payments. There are also countries which have different laws and may have different services but still allow US credit card holders to shop online. The PCI DSS can be used by these smaller companies to lessen the risk in online transactions.

The VA, or Veterans Affairs, is a government department which uses FISMA. Our textbook cites the VA as one department that was not FISMA compliant and had several thousand security policy violations (Johnson). Even though FISMA requires agencies to send annual reviews to the Office of Management and Budget, this was not enough to curb all the violations.
Since the federal government is much bigger and slower than private industry, there should be a much stronger need for a security