PCI DSS and the seven domains

IS3110
Unit 2 Assignment PCI DSS and the Seven Domains
Jose J Delgado

PCI DSS and the Seven Domains
YieldMore
YieldMore needs to reconfigure its current network configuration and policy to meet the PCI DSS standards, which can be found at: https://www.pcisecuritystandards.org/security_standards/documents.php?agreements=pcidss&association=pcidss
To achieve compliance, a basic compliance plan has been created to ensure that the requirements for YieldMore and customer data will be met in the reconfiguration. The software and hardware in use will be checked against the PCI DSS database to ensure compliance. The network plan will be required to meet these minimum requirements before a compliance assessment test is made.
*Note: If a third party is to host the payment process and procedure, it will be responsible for upholding the PCI DSS standards and will be held liable for any failure to maintain compliance.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall
-In reference to the previous network plan U1A1, a firewall will be in place in the LAN/WAN Domain & System/Application Domain to protect the internal network from potential external threats.
Requirement 2: Do not use defaults, such as default password
-In reference to the previous network plan U1A1, GPO and AD will be created and upheld for the internal network. A GPO will be in place to provide a username and password security policy for external network users. (System/Application Domain)
Protect Cardholder Data
Requirement 3: Protect stored data
-A policy will be implemented to document all security policies and operational policies that secure cardholder data stored in the company database. (System/Application Domain & LAN Domain & Remote Access Domain)
Requirement 4: Encrypt transmissions
-SSL and HTTPS will be applied to online transactions, enabling an encrypted connection from user login, through the encrypted pages, until sign-out. (System/Application Domain & LAN Domain & Remote Access Domain)
Maintain a
