Do you have any experience with pci
Course:- Computer Network Security
Reference No.:- EM13963515


Security v. Compliance

One of our first modules pertains to why and how we need to build a proactive information security program. Some of our requirements flow down from client contracts, others are regulatory obligations, and the rest are "best practices" that an organization should meet in order to fulfill a fiduciary obligation (reasonable and ethical). Think of these as a grid or framework of what your information security program must do and how it must do it. The objective is to build a program that accomplishes these requirements. One contract may say "review sources of information security relevant data for indication of intrusion or attack on a weekly basis", another may ask for a "daily review". You always choose the most stringent requirement so you can maintain a level of "comfortable compliance". If you or your people are reviewing your intrusion prevention systems, log aggregation tools, anti-malware dashboards, etc. on a "continuous basis", you are comfortably compliant with the most stringent requirement and far exceeding the others.

The Payment Card Industry (PCI) Data Security Standard is one of the most common contractual security drivers; it applies to almost all organizations that process, store, or transmit credit card data. Please review the first document linked below, and skim the second (no need to read them in their entirety):

https://www.pcisecuritystandards.org/pdfs/pcissc_overview.pdf

https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf

To start off, I'd like to get your response to the following four questions:

1. What are your initial thoughts about the seemingly straightforward six goals in the first link compared to the 75 pages in the second?

2. Do you have any experience with PCI? Have you worked for an organization that dealt with PCI? HIPAA? SOX?

3. What's your perspective on "compliance" versus "security" or risk reduction?

4. If any organization meets the PCI compliance / security standard, should they be considered "secure"?
