User Account

All Pages

Do you have any experience with pci

Assignment Help Computer Network Security
Reference no: EM13963515

Security v. Compliance

One of our first modules pertains to why and how we need to build a proactive information security program. Some of our requirements flow down from client contracts, others are regulatory obligations, and the rest are "best practices" that an organization should meet in order to fulfill a fiduciary obligation (reasonable and ethical). This of these as a grid or framework of what and how your information security program must do. The objective is to build a program that accomplishes these requirements. One contract may say "review sources of information security relevant data for indication of intrusion or attack on a weekly basis", another may ask for a "daily review". You always choose the most stringent requirement so you can maintain a level of "comfortable compliance". If you or your people are reviewing your intrusion prevention systems, log aggregation tools, anti-malware dashboards, etc. on a "continuous basis", you're comfortable compliant with the most stringent requirement and far exceeding the others.

The Payment Card Industry's (PCI) Data Security Standard is one of the most common contractual security drivers; it applies to almost all organization that process, store, or transmit credit card data. Please review the first document linked below, and skim the second (no need to read them in their entirety):

https://www.pcisecuritystandards.org/pdfs/pcissc_overview.pdf (Links to an external site.)

https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (Links to an external site.)

To start off, I'd like to get your response to the following four questions:

1. What are your initial thoughts about the seemingly straight forward six goals in the first link compared to 75 pages in the second?

2. Do you have any experience with PCI? Have you worked for an organization that dealt with PCI? HIPAA? SOX?

3. What's your perspective on "compliance" versus "security" or risk reduction?

4. If any organization meets the PCI compliance / security standard, should they be considered "secure"?

Reference no: EM13963515

Questions Cloud

Consider the relative indices of refraction involved : How can you determine the thickness of the air gap at a particular location? Derive an equation to use in the lab. Be explicit about your assumptions. Don't assume normal incidence.
Points redeemable for future purchases : Martz Inc. has a customer loyalty program that rewards a customer with 1 customer loyalty point for every $10 of purchases. Each point is redeemable for a $3 discount on any future purchases. On July 2, 2014, customers purchase products for $302,000 ..
Find relationship between c and a to normalize the function : Using the test function φ = C cos(αx) defined in the range -Π/2
Initializing static fields : Why do static ?elds of a class have to be initialized when the class is loaded? Why can't we initialize static ?elds when the program starts? Give an example of what goes wrong if, instead of static ?elds being initialized too early, they are init..
Do you have any experience with pci : Do you have any experience with PCI? Have you worked for an organization that dealt with PCI? HIPAA? SOX? What's your perspective on "compliance" versus "security" or risk reduction?
Depreciated for three years using the straight-line method : The old truck has been depreciated for three years using the straight-line method. The new truck would be recorded at
Create a proposal for vi walker silver web site : Creating a proposal for Vi Walker Silver (Links to an external site.) web site. Vi Walker Silver (Links to an external site.) is a local business that buys and sells sterling silver.
Craft a plan for identifying and monitoring risk : Project Risk Planning: Craft a plan for identifying and monitoring risk. In your plan, you could consider: The amount of uncertainty in the project and how to deal with it and The threats of greatest concern
Multiple inheritance and thunks : Then, pa and pc will contain the same value, but pb will contain a different value; it will contain the address of the B part of the C object. The fact that pb and pc do not contain the same value means that in C++, a cast sometimes has a run-time..

Reviews

Write a Review

Computer Network Security Questions & Answers

  Describe a malware attack that causes the victim

Describe a malware attack that causes the victim to receive physical advertisements and describe an instance of a file that contain evidence of its own integrity and authenticity.

  Biggest new technology

Question 1: What are some problems with not adding data integrity for your input strings? Example: If you are asking for an amount and when you can put in a letter. Question 2: What is one security issue that can take place with an interface? Expla..

  What are the core components of a pki

What are the core components of a PKI? Briefly describe each component - Explain the problems with key management and how it affects symmetric cryptography.

  Enterprise network design and network size

In small networks, the web of router links is not complex, and paths to individual destinations are easily deduced. However, in large networks, the resulting web is highly complex, and the number of potential paths to each destination is large.

  Common information security concepts at the apprentice level

Write about common information security concepts at the apprentice level. Your summary must include an analysis that addresses strategic fit

  Using biometric device at office and home easily and cheaply

ESSAYS a special requirement mentioned back in milestone 1, Jack millss wished the system to have "state-of-the-art-maybe some biometric device which can be used in office and at home easily and cheaply.

  Describe possible liability issues

Describe regulatory requirements and describe possible liability issues that may be related to these cyberattacks. How should cyber policy controls be adjusted for each organization to reduce vulnerabilities and prevent disruption or theft due to ..

  The weakest areas of the cyber security policy

From a FIPS 200 perspective, what are the weakest areas of the cyber security policy associated with the organization you selected? Discuss at least two weak areas and describe why.

  Summarize how virtualization works

Summarize how virtualization works, what it can be used for, what the security flaws are, and why the security issues associated withvirtualization might be of concern.

  Technical project paper-information systems security

Suppose you are the IT professional in charge of security for a small pharmacy that has recently opened within a shopping mall. The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access ..

  Questions on security in computing and program security

Frequently asked questions on security in computing, program security , operating system , database security ? what is intrusion detection system , what is firewall , what re the non malicious programming errors , theft to security , how to contro..

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd