Monday, May 27, 2019
PCI DSS and the Seven Domains Essay
1. Identify the touch points between the objectives and requirements of PCI DSS and YieldMore's IT environment.

The objectives and requirements for PCI DSS compliance are the same for every business wanting to accept credit card payments. There are 6 control objectives with 12 requirements.

Control Objectives and PCI DSS Requirements

1. Build and Maintain a Secure Network
   1. Install and maintain a firewall configuration to protect cardholder data
   2. Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data
   3. Protect stored cardholder data
   4. Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Program
   5. Use and regularly update anti-virus software on all systems commonly affected by malware
   6. Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures
   7. Restrict access to cardholder data by business need-to-know
   8. Assign a unique ID to each person with computer access
   9. Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
   10. Track and monitor all access to network resources and cardholder data
   11. Regularly test security systems and processes
6. Maintain an Information Security Policy
   12. Maintain a policy that addresses information security

2. Determine appropriate best practices to implement when taking steps to meet PCI DSS objectives and requirements.

The best way to implement best practices is to follow the requirements. Some of the requirements listed above read like a guideline, e.g. not using vendor-supplied default passwords: obviously you would want to set your own strong password that would be difficult to guess.

3. Justify your reasoning for each identified best practice.

The justification for each best practice is that you want to keep the credit card information as secure as possible. The company will be handling people's income, and if something goes wrong and people gain access to the information, the business will go under; no potential customer will want to do business with them.

4. Prepare a brief report or PowerPoint presentation of your findings for IT management to review.

In order to better serve its customers, YieldMore wants to begin accepting credit card payments. Before the company can begin accepting credit cards it must first be PCI DSS compliant. PCI DSS is an information security standard, so the company has to meet six objectives, and each of those objectives has requirements that must be met to be compliant.

The first objective is to build and maintain a secure network. Two requirements must be met in order for that objective to be met: install and maintain a firewall configuration to protect cardholder data, and do not use vendor-supplied defaults for system passwords and other security parameters.

The second objective is protecting cardholder data. Two requirements are needed to meet that objective: protecting stored cardholder data, and encrypting transmission of cardholder data across open, public networks.

The third objective is to maintain a Vulnerability Management Program. Its requirements are using and regularly updating anti-virus software on all systems commonly affected by malware, and developing and maintaining secure systems and applications.

The fourth objective, implementing strong access control measures, would be easy to achieve. Its requirements are restricting access to cardholder data by business need-to-know, assigning a unique ID to each person with computer access, and restricting physical access to cardholder data.

The fifth objective is to regularly monitor and test networks. Tracking and monitoring all access to network resources and cardholder data is the first requirement; regularly testing security systems and processes is the other.

Maintaining a policy that addresses information security is the only requirement for the final objective, maintain an Information Security Policy. Once all these objectives are met, the company would be PCI DSS compliant.
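As an added example that is not part of the original essay, the following Python script audits a constructed, hypothetical YieldMore system inventory against three of the requirements discussed above: requirement 2 (no vendor-supplied default credentials), requirement 4 (cardholder data crosses open networks only when encrypted) and requirement 8 (every person with computer access has a unique ID, so no shared logins). Every system name, account, person and password value below is constructed for illustration; the vendor-default list is likewise an assumption standing in for what a real audit would take from vendor documentation.

```python
import hashlib
from dataclasses import dataclass

# Constructed list of vendor-supplied defaults (assumption for the example);
# a real audit takes these from the vendors' documentation for each device.
VENDOR_DEFAULTS = [("admin", "admin"), ("admin", "password"), ("root", "toor")]


def pw_hash(password: str) -> str:
    # Unsalted SHA-256 keeps the example short. Production systems store
    # salted, slow hashes (bcrypt/argon2), and an auditor would normally
    # verify a default by attempting a login rather than comparing hashes.
    return hashlib.sha256(password.encode()).hexdigest()


DEFAULT_HASHES = {(user, pw_hash(pw)) for user, pw in VENDOR_DEFAULTS}


@dataclass
class Account:
    username: str
    password_hash: str
    people: list  # names of people who use this login; more than one = shared ID


@dataclass
class System:
    name: str
    accounts: list
    handles_chd: bool            # stores or transmits cardholder data (CHD)
    encrypted_in_transit: bool   # e.g. TLS on every path to an open network


def audit(systems):
    """Return (system, requirement, finding) tuples, one per violation found."""
    findings = []
    for s in systems:
        for a in s.accounts:
            # Requirement 2: vendor-supplied default still in place
            if (a.username, a.password_hash) in DEFAULT_HASHES:
                findings.append((s.name, 2, f"vendor-default credential for '{a.username}'"))
            # Requirement 8: one ID per person, so a login shared by several people fails
            if len(a.people) > 1:
                findings.append((s.name, 8, f"login '{a.username}' shared by {len(a.people)} people"))
        # Requirement 4: cardholder data must be encrypted across open networks
        if s.handles_chd and not s.encrypted_in_transit:
            findings.append((s.name, 4, "cardholder data crosses an open network unencrypted"))
    return findings


# Constructed inventory (hypothetical systems, accounts and people).
INVENTORY = [
    System("edge-firewall",
           [Account("admin", pw_hash("admin"), ["net-team"])],
           handles_chd=False, encrypted_in_transit=True),
    System("pos-terminal-1",
           [Account("cashier", pw_hash("Wq7!pL2#xv"), ["alice", "bob", "carol"])],
           handles_chd=True, encrypted_in_transit=False),
    System("payment-gateway",
           [Account("svc_pay", pw_hash("d4$Kp9!zQm"), ["dave"])],
           handles_chd=True, encrypted_in_transit=True),
]

if __name__ == "__main__":
    for system, req, finding in audit(INVENTORY):
        print(f"[Requirement {req}] {system}: {finding}")
```

Run as-is, the script reports the firewall's untouched default login, the POS terminal's shared cashier account and its unencrypted card-data path, while the payment gateway passes all three checks. The point of structuring it as an inventory audit is that the checks map one-to-one onto numbered requirements, which is how an assessor will ask for the evidence.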