Project part 6
The senior management has been advised by the legal department that the organization will need to become PCI DSS compliant before using online applications that accept credit cards and customer personal information. The management isn’t familiar with PCI DSS compliance; therefore, the management asked you to prepare a recommendation explaining PCI DSS compliance, how the organization can move through the compliance process, and the consequences of noncompliance.
PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS originally began as five different programs: Visa, MasterCard, American Express, Discover and JCB data security programs. Each company creates an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. PCI DSS specifies 12 requirements for compliance, organized into six logically related groups called control objectives. Each version of PCI DSS has divided these 12 requirements into a number of sub-requirements differently, but the 12 high level requirements have not changed since the inception standard. The control objectives are Build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy. The requirements for compliance are, install and maintain a firewall configuration to protect card holder data, do not use vendor-supplied defaults for system passwords and other security parameters, protect stored cardholder data, encrypt transmission of cardholder data across open public networks, use and regularly update anti-virus software on all systems commonly affected by malware, develop and maintain secure systems and applications, restrict access to cardholder data by business need-to-know, assign a unique ID to each person with computer access, restrict
PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS originally began as five different programs: Visa, MasterCard, American Express, Discover and JCB data security programs. Each company creates an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. PCI DSS specifies 12 requirements for compliance, organized into six logically related groups called control objectives. Each version of PCI DSS has divided these 12 requirements into a number of sub-requirements differently, but the 12 high level requirements have not changed since the inception standard. The control objectives are Build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy. The requirements for compliance are, install and maintain a firewall configuration to protect card holder data, do not use vendor-supplied defaults for system passwords and other security parameters, protect stored cardholder data, encrypt transmission of cardholder data across open public networks, use and regularly update anti-virus software on all systems commonly affected by malware, develop and maintain secure systems and applications, restrict access to cardholder data by business need-to-know, assign a unique ID to each person with computer access, restrict