Need help with Assignment

profileadithyarao3663
Lab3AssessmentWorksheet1.pdf
Home>Computer Science homework help>Need help with Assignment

25

Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual

Lab #3 - Assessment Worksheet

Case Study on PCI DSS Noncompliance: CardSystems Solutions Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________

Overview

In this lab, you reviewed a real-world case study that involved a PCI DSS noncompliance scenario, and you recommended mitigation remedies to prevent the loss of private data for similar organizations.

Lab Assessment Questions & Answers

1. Did CardSystems Solutions break any federal or state laws?

2. In June 2004, an external auditor certified CardSystems Solutions as Payment Card Industry Data Security Standard- (PCI DSS-) compliant. What is your assessment of the auditor’s findings?

3. Can CardSystems Solutions sue the auditor for not performing his or her tasks and deliverables with accuracy? Do you recommend that CardSystems Solutions pursue this avenue?

4. Who do you think is negligent in this case study and why?

5. Do the actions of CardSystems Solutions warrant an “unfair trade practice” designation as stated by the Federal Trade Commission (FTC)?

26 | LAB #3 Case Study on PCI DSS Noncompliance: CardSystems Solutions

6. What security policies do you recommend to help with monitoring, enforcing, and ensuring PCI DSS compliance?

7. What security controls and security countermeasures do you recommend for CardSystems Solutions to be in compliance with PCI DSS requirements?

8. What was the end result of the attack and security breach to CardSystems Solutions and its valuation?

9. What are the possible consequences associated with the data loss?

10. Who do you think is ultimately responsible for CardSystems Solutions’ lack of PCI DSS compliance?

11. What should CardSystems Solutions have done to mitigate possible SQL injections and data breaches on its credit card transaction-processing engine?

12. True or false: Although CardSystems Solutions had proper security controls and security countermeasures, it was not 100 percent PCI DSS-compliant because the company failed to properly implement ongoing monitoring and testing on its development and production systems.

  1. Course Name and Number:
  2. Student Name:
  3. Instructor Name:
  4. Lab Due Date:
  5. Question1:
  6. Question2:
  7. Question3:
  8. Question4:
  9. Question5:
  10. Question7:
  11. Question8:
  12. Question9:
  13. Question10:
  14. Question11:
  15. Question6:
  16. Question 12: