Module Three Activity
Southern New Hampshire University, Course 313 (Information Systems)
Date: Feb 20, 2024
Pages: 5
Hery Gamez
Southern New Hampshire University
IT-313 Risk Management/Mitigation Sys Des
January 22, 2023

Bathsheba Harris
Southern New Hampshire University
IT-313 Risk Management/Mitigation Sys Des
Module Three Activity
16 September 2023

Interactions

The Payment Card Industry Data Security Standard (PCI DSS) was created to strengthen the security controls and data protection standards that apply to credit card data. Its main mission is to protect sensitive personal data such as cardholder names, credit card numbers, expiration dates, and security codes. To protect account holder information and avoid the consequences of a breach, Fertilizer Plus must meet the PCI DSS requirements for both physical and online transactions. A company that violates PCI DSS faces financial penalties, limits on card processing imposed by the payment brands, and the loss of customer loyalty and of its reputation. Together, these outcomes can cause substantial harm to the company's operations and profitability.

This report analyzes Fertilizer Plus's current IT infrastructure against the PCI DSS and proposes solutions that will bring the company into compliance with the standard. The customer database of Fertilizer Plus contains personally identifiable information (PII), such as names and credit card payment details, which requires strict safeguards to ensure confidentiality. To meet the standard, the organization's IT department must determine the company's PCI level, which is set by the number of card transactions processed annually. The IT department must also fully understand the consequences of noncompliance, complete a self-assessment questionnaire to evaluate the company's adherence to the standard, build and maintain a secure network that protects PII, and provide evidence of compliance by completing an Attestation of Compliance (Fruhlinger, 2020).

The 12 PCI DSS requirements that the implementation must address are:

1. Install and maintain a firewall to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update antivirus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data to those with a business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain an information security policy (PCI Compliance Checklist: 12 PCI DSS Requirements, n.d.).

Best Practices

Knowing where personally identifiable information (PII) is stored, granting access only to authorized users, encrypting PII, training personnel on security standards, and monitoring access to PII are all best practices for maintaining PCI compliance. Access should be restricted to the individuals who need it to carry out their job responsibilities. Encrypting data adds a further layer of protection, making the data much harder to read if a breach occurs. Thorough training of employees on security policies is essential to reduce the risk of social engineering: staff who understand the threats they may face can recognize suspicious requests and make informed decisions, which greatly lowers the chance that they fall for such fraudulent tactics. Finally, it is important to track who has access to which data, how that data is used, and whether any suspicious activity has been detected. Policies, security incidents, and risk assessments must be documented as part of a holistic approach to organizational security. These procedures ensure that the organization is actively carrying out the objectives set out in the PCI DSS.
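Requirements 3 and 10 above (protect stored cardholder data; monitor access to it) are often violated by accident when full card numbers leak into application logs. The following example is added here and is not part of the student report or of any PCI tooling; it shows the kind of check a compliance team can run over log output: find digit runs that look like a primary account number (PAN), discard the ones that fail the Luhn check so that order or session numbers do not raise false alarms, and report each real hit in masked form (first six and last four digits, the maximum PCI DSS permits to be displayed). The log lines are constructed sample data, and the function names are this example's own.

```python
import re
from typing import List, Tuple

# A candidate PAN is 13 to 19 digits, optionally separated by single spaces or dashes.
# The lookarounds stop the pattern from matching a slice of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN for display: keep the first six and last four digits only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan log lines and return (line_number, masked_pan) for each Luhn-valid PAN found.

    Only the masked form is returned so that the report itself does not
    become another place where full card numbers are stored.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                hits.append((lineno, mask_pan(digits)))
    return hits


# Constructed sample log lines (not real data). Lines 2 and 4 contain full test
# card numbers; line 1 and line 5 contain 16-digit values that fail Luhn; line 3
# is already masked correctly.
SAMPLE_LOG = [
    "2024-02-20T10:01:02Z INFO order=1234567890123456 status=shipped",
    "2024-02-20T10:01:05Z DEBUG checkout pan=4111 1111 1111 1111 exp=12/26",
    "2024-02-20T10:01:09Z DEBUG checkout pan=411111******1111 exp=12/26",
    "2024-02-20T10:02:11Z WARN retry card=5555-5555-5555-4444 attempt=2",
    "2024-02-20T10:03:00Z INFO session=4111111111111112 user=alice",
]


if __name__ == "__main__":
    for lineno, masked in find_unmasked_pans(SAMPLE_LOG):
        print(f"line {lineno}: unmasked PAN logged, masked form {masked}")
```

Run against the constructed sample it flags lines 2 and 4 only; the order number on line 1 and the session value on line 5 are rejected by the Luhn check, and the already-masked value on line 3 is too short a digit run to match. In practice the scan would be pointed at real application logs, and any hit should be treated as a finding to fix at the logging call site rather than by editing the log.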
References

Fruhlinger, J. (2020, July 17). PCI DSS explained: Requirements, fines, and steps to compliance. CSO Online. https://www.csoonline.com/article/3566072/pci-dss-explained-requirements-fines-and-steps-to-compliance.html

Gibson, D., & Igonor, A. (2020). Managing Risk in Information Systems. Jones & Bartlett Learning, LLC. ProQuest Ebook Central. https://ebookcentral-proquest-com.ezproxy.snhu.edu/lib/snhu-ebooks/detail.action?docID=6372043

PCI Compliance Checklist: 12 PCI DSS Requirements. (n.d.). Tidal Commerce. Retrieved March 15, 2023, from https://www.tidalcommerce.com/learn/pci-compliance-checklist