Wednesday, March 13, 2019
PCI DSS and the Seven Domains Essay
1. Identify the touch points between the objectives and requirements of PCI DSS and YieldMore's IT environment.

The objectives and requirements for PCI DSS compliance are the same for every business wanting to accept credit card payments. There are 6 control objectives with 12 requirements.

Control Objectives and PCI DSS Requirements

1. Build and Maintain a Secure Network
   1. Install and maintain a firewall configuration to protect cardholder data
   2. Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data
   3. Protect stored cardholder data
   4. Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Program
   5. Use and regularly update anti-virus software on all systems commonly affected by malware
   6. Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures
   7. Restrict access to cardholder data by business need-to-know
   8. Assign a unique ID to each person with computer access
   9. Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
   10. Track and monitor all access to network resources and cardholder data
   11. Regularly test security systems and processes
6. Maintain an Information Security Policy
   12. Maintain a policy that addresses information security

2. Determine appropriate best practices to implement when taking steps to meet PCI DSS objectives and requirements.

The best way to implement best practices is to follow the requirements. Most of the requirements listed above read like a guideline, e.g. do not use vendor-supplied default passwords. Obviously you would want to set your own strong password that would be difficult to guess.

3. Justify your reasoning for each identified best practice.

The justification for each best practice is that you want to make the credit card information as secure as possible. The company will be handling people's income, and if something goes wrong and people get access to the information, the business will go under. No potential customer will want to do business with them.

4. Prepare a brief report or PowerPoint presentation of your findings for IT management to review.

In order to better serve its customers, YieldMore wants to begin accepting credit card payments. Before the company can begin the process of accepting credit cards it must first be PCI DSS compliant. PCI DSS is an information security standard. The company has to meet six objectives, and each of those objectives has requirements that must be met to be compliant.

The first objective is to build and maintain a secure network. Two requirements must be met in order for that objective to be met: install and maintain a firewall configuration to protect cardholder data, and do not use vendor-supplied defaults for system passwords and other security parameters.

The second objective is protecting cardholder data. Two requirements are needed to meet that objective: protecting stored cardholder data and encrypting transmission of cardholder data across open, public networks.

The third objective is to maintain a vulnerability management program, with the requirements of using and regularly updating anti-virus software on all systems commonly affected by malware and developing and maintaining secure systems and applications.

The fourth objective, implementing strong access control measures, would be easy to achieve. Its requirements are restricting access to cardholder data by business need-to-know, assigning a unique ID to each person with computer access, and restricting physical access to cardholder data.

The fifth objective is to regularly monitor and test networks. Tracking and monitoring all access to network resources and cardholder data is the first requirement. Regularly testing security systems and processes is the other requirement.

Maintaining a policy that addresses information security is the only requirement for the final objective, maintain an Information Security Policy. Once all these objectives are met, the company would be PCI DSS compliant.