IS 3350 Week 3 Lab Case Study on PCI DSS Non-Compliance: CardSystems Solutions (ITT Tech)
Lab #3 - Case Study on PCI DSS Non-Compliance: CardSystems Solutions

Lab Assessment Questions

Answer the following questions pertinent to the CardSystems Solutions privacy data loss and noncompliance with the PCI DSS standard.
1. Did CardSystems Solutions break any federal or state laws?

2. CardSystems Solutions claims to have hired an auditor to assess compliance with PCI DSS and other best practices for ensuring the C-I-A of privacy data for credit card transaction processing. Assuming the auditor did indeed perform a PCI DSS security compliance assessment, what is your assessment of the auditor's findings?

3. Can CardSystems Solutions sue the auditor for not performing his or her tasks and deliverables with accuracy? Do you recommend that CardSystems Solutions pursue this avenue?

4. Who do you think is negligent in this case study, and why?

5. Do the actions of CardSystems Solutions warrant an "unfair trade practice" designation as stated by the Federal Trade Commission (FTC)?

6. What security policies do you recommend to help with monitoring, enforcing, and ensuring PCI DSS compliance?

7. What security controls and security countermeasures do you recommend for CardSystems Solutions to be in compliance with PCI DSS requirements?

8. What was the end result of the attack and security breach to CardSystems Solutions and its valuation?

9. What are the possible consequences associated with the data loss?

10. Who do you think is ultimately responsible for CardSystems Solutions' lack of PCI DSS compliance?

11. What should CardSystems have done to mitigate possible SQL injections and data breaches on their credit card transaction processing engine?

12. Which requirement definition within the PCI DSS standard would penetration testing and SQL injection attacks be part of?

13. Which requirement definition within the PCI DSS standard would require the creation and implementation of information system security policies?

14. True or False. CardSystems, while having proper security controls and security countermeasures, was not 100% PCI DSS compliant because they failed to properly implement ongoing monitoring and testing on their development and production systems.

15. True or False. Although the PCI DSS standard does not specifically mention web application testing and penetration testing with a back-end SQL database, this is implied in the Regularly Monitor & Test Networks section of the standard with Requirements 10 & 11 and is considered a best practice when implementing a new public-facing credit card transaction processing system.