Week 2I Compliance with Laws and Regulations

School: Prince George's Community College, Largo
Course: 413
Subject: Information Systems
Date: Nov 24, 2024
CSIA 413 Week 2 Discussion: Compliance with Laws and Regulations

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established by many of the most prominent institutions in the payment card industry (Imperva, 2022). While PCI DSS defines four separate compliance levels for institutions, based on the number of transactions a company, institution, or organization handles, the standard itself consists of 12 requirements broken down into 6 categories: secure networks, secure cardholder data, vulnerability management, access control, network monitoring and testing, and information security. These standards and categories were designed to reduce the risk of cybersecurity breaches and fraud for institutions that handle sensitive cardholder information (Barney, 2023).

The secure network category requires firewall configurations to be maintained and system passwords to be complex and original. To secure cardholder data, transactions involving cardholder data must remain encrypted, and anti-virus software must be regularly updated to manage vulnerabilities (PCI DSS, 2023). Access control is critical: access must be restricted on a need-to-know basis, with unique IDs used to access the sensitive data. Network monitoring and testing can be accomplished by tracking access to cardholder information as well as to sensitive network resources. Finally, an in-depth policy must be implemented, maintained, and enforced to guarantee information security.

Red Clay's clients all have some of the most up-to-date in-home Internet of Things (IoT) devices on the market, and many of these devices allow financial transactions to pass through them with known payment card information. It is imperative for Red Clay to follow PCI DSS policies and standards when handling sensitive payment information for clients. If Red Clay does not follow these standards, there could be legal repercussions if or when client payment information leaks into the wrong hands, and the company's reputation could be damaged irreparably.

References

Barney, N. (2023, June 19). What is PCI DSS? Requirements and compliance. TechTarget Security. https://www.techtarget.com/searchsecurity/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard?Offer=abMeterCharCount_var1

Imperva. (2022, October 26). What is PCI DSS | Compliance levels, certification & requirements. Imperva Learning Center. https://www.imperva.com/learn/data-security/pci-dss-certification/

PCI DSS. (2023, July 27). Document library. PCI Security Standards Council. https://www.pcisecuritystandards.org/document_library/?document=pci_dss