Do you have any experience with pci
Course:- Computer Network Security
Reference No.:- EM13963515

Assignment Help
Expertsmind Rated 4.9 / 5 based on 47215 reviews.
Review Site
Assignment Help >> Computer Network Security

Security v. Compliance

One of our first modules pertains to why and how we need to build a proactive information security program. Some of our requirements flow down from client contracts, others are regulatory obligations, and the rest are "best practices" that an organization should meet in order to fulfill a fiduciary obligation (reasonable and ethical). This of these as a grid or framework of what and how your information security program must do. The objective is to build a program that accomplishes these requirements. One contract may say "review sources of information security relevant data for indication of intrusion or attack on a weekly basis", another may ask for a "daily review". You always choose the most stringent requirement so you can maintain a level of "comfortable compliance". If you or your people are reviewing your intrusion prevention systems, log aggregation tools, anti-malware dashboards, etc. on a "continuous basis", you're comfortable compliant with the most stringent requirement and far exceeding the others.

The Payment Card Industry's (PCI) Data Security Standard is one of the most common contractual security drivers; it applies to almost all organization that process, store, or transmit credit card data. Please review the first document linked below, and skim the second (no need to read them in their entirety):

https://www.pcisecuritystandards.org/pdfs/pcissc_overview.pdf (Links to an external site.)

https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (Links to an external site.)

To start off, I'd like to get your response to the following four questions:

1. What are your initial thoughts about the seemingly straight forward six goals in the first link compared to 75 pages in the second?

2. Do you have any experience with PCI? Have you worked for an organization that dealt with PCI? HIPAA? SOX?

3. What's your perspective on "compliance" versus "security" or risk reduction?

4. If any organization meets the PCI compliance / security standard, should they be considered "secure"?

Put your comment

Ask Question & Get Answers from Experts
Browse some more (Computer Network Security) Materials
You are the Information Security Officer for a small pharmacy that has recently been opened in the local shopping mall. Identify and analyze any potential physical vulnerabili
You must include in your investigation protection of both transmitted information also sensitive data stored locally in computer databases.
A 1,048,576-bit message is used to generate 10-bit hash. One average, how many other messages could be expected to generate same hash value?
It can be shown that 5 is a primitive root for the prime 1223. You want to solve the discrete logarithm problem 5^x = 3 (mod 1223). Given that 3^611 = 1 (mod 1223), determine
War driving is a wireless attack. Describe at least four war driving tools and the purpose of each. Name and describe the four major access control models, and list the restri
Define the principles of risk management that apply to the retail industry. Define steps for a retail loss-prevention program. Explain the security systems you incorporated in
Discuss procedures for configuring and using Encrypting File System (EFS). Discuss procedures for configuring and implementing Advanced Audit Policies. Discuss DNS and procedu
If Bob receives M and S, describe process Bob will use to verify signature. Illustrate that in this case signature verification will succeed.