Lab 9

1. What are some common risks, threats, and vulnerabilities found in the Systems/Application Domain that must be mitigated with proper security countermeasures?
Unauthorized physical access to data centers, computer rooms and wiring closets, which puts every server and cable in them within reach of an attacker.
Servers that must be taken down for maintenance, causing application and network downtime if there is no redundancy or maintenance window.
Data that is easily lost or corrupted, and recovery of critical business functions that takes too long to be useful when backups are untested or restore procedures are undocumented.
Unpatched systems and insecurely developed application code that expose the data they process.
2. If your company makes software to accept credit card payments, what standard would you use to measure and audit your software security?
You must adhere to the Payment Card Industry Data Security Standard (PCI DSS), whose twelve requirements apply to every environment that stores, processes or transmits cardholder data. If the software is a product sold to merchants rather than a system your company operates, the product itself is assessed under the PCI Software Security Framework, which replaced PA-DSS.
3. Which 3 PCI requirements are most relevant to the Systems/Application Domain?
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Requirement 3: Protect stored cardholder data.
Requirement 6 (develop and maintain secure systems and applications) also bears directly on this domain; question 7 below deals with it.
4. Your production system is regularly backed up, and some of the data is used for testing and development of a new application interface. Is this in compliance with PCI DSS?
No. PCI DSS Requirement 6.4.3 (v3.2.1) states that production data (live PANs) are not used for testing or development, so copying a production backup into a development environment puts you out of compliance regardless of how well that environment is secured. If developers need realistic data, the PANs must be replaced with test numbers or removed before the copy leaves the cardholder data environment.
The answer "yes, if the test environment has the same level of security as production" holds only under PCI DSS v4.0 (Requirement 6.5.5), which permits live PANs in pre-production solely when that environment is itself part of the CDE and meets every applicable requirement.

5. Why is it a risk to use production data for development?
Production data contains real cardholder data. Development and test environments are usually built with weaker controls than production: broader and shared access, debug logging that writes full records, test credentials, and fewer monitoring and patching obligations. Copying live PANs there exposes them to that weaker environment, pulls the environment into PCI DSS scope (and therefore into the audit), and makes every developer workstation and backup that touches the copy a place where the data can leak. It also brings no testing benefit: the behaviour of the code under test does not depend on whether the card numbers are genuine, so synthetic or masked data of the same format serves just as well.
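
As an added illustration of the point in questions 4 and 5 (this code is not part of the lab and not from the PCI SSC), the script below scrubs live PANs out of a production extract before it is handed to developers: it finds 13-19 digit strings that pass the Luhn check and replaces each with a same-length, Luhn-valid surrogate derived from a keyed HMAC, so the same card maps to the same surrogate across tables while no live PAN leaves the cardholder data environment. The sample extract, the key, and the choice of a leading 0 for surrogates (a digit no payment brand's IIN range uses) are my assumptions, not anything the lab specifies.

```python
# Added illustration for this lab; not lab code and not from the PCI SSC.
# Assumed: the extract is newline-delimited text, a PAN is 13-19 contiguous
# digits that pass Luhn, and dev/test needs format-preserving values only.
import hashlib
import hmac
import re
from typing import Tuple

# 13-19 contiguous digits not adjacent to other digits (PAN lengths per ISO/IEC 7812).
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

# Constructed sample of a production extract: 13-digit order ids that fail
# Luhn (must be left alone) beside two well-known test PANs standing in for
# live ones.
SAMPLE_EXTRACT = (
    "order_id,pan,amount\n"
    "1234567890123,4111111111111111,19.99\n"
    "1234567890124,5555555555554444,42.00\n"
)


def luhn_check_digit(body: str) -> str:
    """Luhn check digit for `body` (all digits of the number except the last)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if `number` is all digits and its last digit is the Luhn check digit."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def surrogate_pan(pan: str, key: bytes) -> str:
    """Same-length, Luhn-valid surrogate for `pan`, deterministic under `key`.

    The leading 0 keeps the surrogate out of every payment brand's IIN range
    (ISO/IEC 7812 assigns leading digit 0 to ISO/TC 68 and other industries),
    so a surrogate can never be a live card number. The HMAC keeps the mapping
    stable across tables without letting anyone reverse it from the output.
    """
    digest = hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()
    digits = str(int(digest, 16)).zfill(20)  # ~77 decimal digits; padded for safety
    body = "0" + digits[: len(pan) - 2]      # leading 0 + filler, leaving room for the check digit
    return body + luhn_check_digit(body)


def scrub(text: str, key: bytes) -> Tuple[str, int]:
    """Replace every Luhn-valid PAN in `text`; returns (scrubbed_text, replacements)."""
    count = 0

    def replace(match: "re.Match[str]") -> str:
        nonlocal count
        candidate = match.group(0)
        if not luhn_valid(candidate):        # order ids, timestamps etc. stay untouched
            return candidate
        count += 1
        return surrogate_pan(candidate, key)

    return PAN_RE.sub(replace, text), count


if __name__ == "__main__":
    scrubbed, n = scrub(SAMPLE_EXTRACT, b"dev-extract-key-kept-inside-the-CDE")
    print(f"replaced {n} PAN(s):\n{scrubbed}")
```

Run it on a copy taken inside the CDE and ship only the output; keep the HMAC key inside the CDE as well, because anyone holding the key and a candidate PAN can confirm a match (this is a keyed one-way mapping, not encryption, and it is the tokenization-style approach, not a substitute for Requirement 3.4 controls on data that stays in production). The Luhn filter stops order numbers and timestamps from being mangled, but it only sees contiguous digits; if your extract writes PANs with spaces or dashes, extend PAN_RE before trusting the replacement count.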
6. What are some options according to PCI DSS to protect external-facing web applications from known attacks?
Requirement 6.6 gives two options, either of which satisfies it:
Have all custom application code reviewed for common vulnerabilities, by an organization that specializes in application security or with manual or automated application vulnerability assessment tools, at least annually and after any change. This review is separate from the quarterly vulnerability scans of Requirement 11.2.
Install an automated technical solution that detects and prevents web-based attacks, such as a web application firewall, in front of public-facing web applications, kept up to date and continually checking all traffic.

7. In order to perform a PCI DSS compliance audit on your e-commerce website, what should you incorporate into Requirement #6 regarding “Develop and Maintain Secure
