ISOL 633 Cumberlands Build and maintain a secure network and systems

timer Asked: Mar 9th, 2019
account_balance_wallet $60

Question Description

With some background and context coupled to the challenges that are evident, it is time to explore the PCI DSS requirements. When you carefully and fully learn the next six Groups’ work you will be able to understand the guidelines and compliance therewith.

Group Three: This Group will research and discuss the first “control objective” and its numerous requirements: 1. Build and Maintain a Secure Network and Systems a. Install and maintain a firewall configuration to protect cardholder data b. Do not use vendor-supplied defaults for system passwords and other security parameters

Unformatted Attachment Preview

ISOL 633 Spring MAIN 2019 Residency Project – PCI DSS The Project This team-based Residency Project is comprised of two components: a research paper, which accounts for 20% of the overall course grade, and a presentation which accounts for 10% of the overall course grade. The challenge of this Project includes demonstrating that the team acquired a sophisticated level of knowledge about one of the mains components of the system of PCI DSS. Each team’s efforts should be able to be successfully applied to the knowledge gained by its fellow student teams toward an overall, comprehensive understanding of these crucial governing principles collectively known as the Payment Card Industry Data Security Standard. Unless logically inapplicable, such as when writing about historical facts, use the current version of the guidelines: PCI DSS 3.2. Each team is charged with researching, discussing, and presenting results about one of eight components of the PCI DSS system: Group One: Historical background of PCI DSS, such as the history of payments in the U.S., the introduction of the Payment Card Industry Security Standards Council, and other general points of knowledge that help to set the tone for the Project. We need the context from this Group. Group Two: Just as our textbook chapters typically begin, Group One’s history lesson is expanded here by describing some of the challenges that the three main stakeholders of payment card systems—i.e., payment card companies (Visa, MasterCard, et al), merchants and vendors (small, large, online, brick-and-mortar), and consumers—face vis-à-vis technologies, business challenges, and legal challenges within the PCI domain. With some background and context coupled to the challenges that are evident, it is time to explore the PCI DSS requirements. When you carefully and fully learn the next six Groups’ work you will be able to understand the guidelines and compliance therewith. Group Three: This Group will research and discuss the first “control objective” and its numerous requirements: 1. Build and Maintain a Secure Network and Systems a. Install and maintain a firewall configuration to protect cardholder data b. Do not use vendor-supplied defaults for system passwords and other security parameters Group Four: This Group will research and discuss the second “control objective” and its numerous requirements: 2. Protect Cardholder Data a. Protect stored cardholder data b. Encrypt transmission of cardholder data across open, public networks 1 Group Five: This Group will research and discuss the third “control objective” and its numerous requirements: 3. Maintain a Vulnerability Management Program a. Protect all systems against malware and regularly update anti-virus software or programs b. Develop and maintain secure systems and applications Group Six: This Group will research and discuss the fourth “control objective” and its numerous requirements: 4. Implement Strong Access Control Measures a. Restrict access to cardholder data by business need-to-know b. Identify and authenticate access to system components c. Restrict physical access to cardholder data Group Seven: This Group will research and discuss the fifth “control objective” and its numerous requirements: 5. Regularly Monitor and Test Networks a. Track and monitor all access to network resources and cardholder data b. Regularly test security systems and processes Group Eight: This Group will research and discuss the sixth and final “control objective” and its numerous requirement: 6. Maintain an Information Security Policy a. Maintain a policy that addresses information security for all personnel After learning about the history and context, and having Groups Three through Eight discuss the PCI substantively, we now can become thoughtful analysts. The last section of the work will compare, contrast, and opine about PCI DSS. Group Nine: There are fewer better ways to help understand these complex guidelines, from a practical perspective, than to learn about how “real world” stakeholders have dealt with them. Thus, the audience needs to learn about some case studies. Research and discuss at least three actual scenarios in which a PCI stakeholder has dealt with, or failed to comply with, PCI DSS. Tell us some stories. Make sure to include at least three subjects: (1) an online retailer; (2) a small, local business (such as a barber shop, bookstore, or restaurant); and (3) a law firm, large or small. You may choose more than three subjects, but do not expand so much so that you are unable to tell a full story about your chosen subjects. Group Ten: Next comes some analysis. This Group examine and discuss PCI DSS in a limited, albeit complementary, way. Look specifically at Kentucky’s laws, regulations, and business practices in order to examine PCI DSS from a state-level perspective. Are there other Kentucky laws that govern payment cards? What Kentucky laws implicate PCI DSS? What are some things that Kentucky business leaders need to be aware of when they accept payment cards at their establishments? 2 Group Eleven: In further analyzing PCI DSS, and without necessarily homing in on Kentucky stakeholders, what other American laws or regulations might relate to, implicate, or otherwise find a nexus with PCI DSS? Here, the audience needs to understand, as you will, that PCI DSS does not operate in a vacuum. Rather, like most of what we’ll learn in ISOL 633, there are numerous laws, regulations, and other governing principles that interact with PCI DSS to form an overall governance model. Group Twelve: This enviable Group gets the opportunity to examine and explain two PCI DSS concepts. First, tell us what’s wrong with PCI DSS. Has it become outdated or irrelevant in some way, or is it lagging behind modern technologies? Secondly, what is on the horizon for PCI DSS stakeholders, especially for the merchants and vendors? The Research Please utilize the University’s wealth of library resources, as well as alternative scholarly or legal resources as appropriate. While it is not prohibited to use other, non-scholarly resources, the key to compiling a cogent, informed Residency Project in our course is to focus on peer-reviewed, scholarly articles and the laws, regulations, and legal cases that surround PCI DSS. The balance should weigh heavily toward those resources, although some other magazine, newspaper, or website sources may help you. • • • • • • Peer-reviewed sources Law Review Scientific journals Scholarly Journals EBSCO ProQuest UC Library IS Guide • • • • • • Acceptable Sources Court cases Legal Restatements News articles News magazines Professional magazines Articles from experts in the field of study • • • • • Unacceptable Sources Wikipedia Open Source General blogs Vendor White papers Social Media Posts The Writing The research paper that you produce must be in APA style, as discussed. Style affects all components of the paper from margins and font choice to overall structure to references citations, including proper citation of laws and court cases. In addition to using the APA style to guide your work, your team should also keep in mind the scoring rubric that is provided at iLearn. The more that your work answers the call of that rubric, the higher your score will be. It is important to write well both in academia and in your professional lives. This is not only because communicating well is part of being a professional, but also because poorly written work detracts from the value of the work. Readers, intentionally or not, equate badly grammar, pore speling, and other English righting mistakes with incomplete research or unpersuasive 3 arguments. Perhaps that is in error—i.e., it is not actually the case that all poorly written work is dispensable—though that effect cannot be ignored. The paper should be written according to APA rules, and is to be between five and 10 total pages. Fewer than five pages will result in proportionate deductions, and pages beyond 10 will not be considered. Your team must submit both the paper and the PPT in iLearn no later than Sunday, March 10, by 2:00 p.m. Residency Project scores will be recorded no later than Wednesday, March 20. The Presentation On Sunday, March 10, your team will conduct a presentation of your research to the class. All team members must participate. Each team will have approximately 15 minutes. It is highly recommended that a rehearsal or practice run is accomplished before the formal presentation. As you know, when a presenter begins by fumbling with the technology, or otherwise appearing unprofessional, much like poor writing, the message loses its value. Your team should reflect your subject matter expertise about the PCI DSS component assigned, and be prepared to answer questions. 4 ...
Purchase answer to see full attachment

Tutor Answer

School: Rice University



Student’s Name



Building and Maintaining a Secure Network and Systems
The payment card industry (PCI) works in ensuring client data is kept private and
confidential. It is a security concern to ensure sensitive data and other details about clients to any
organization or company are kept secrets only revealed to the owner individuals that can
manipulate their information and mess with their finances, for example, as part of materials
where fraudsters and cyberbullying gets room to frustrate the public. Therefore, user passwords
and other login details such as usernames should be kept a secret to the vendor company of any
other service provision industry. The use of card payment systems ruled by the payment card
industry (PCI) regulations demands for a secretive manner of handling issues of customers. The
company offering such services should not be aware of such information such as the personal
identification number (PIN) for clients (Domingues, Carreira, Vieira, & Kastner, 2016). Many
commercial banks generate personal identification numbers to the client but the staff does not
have the opportunity of knowing the PIN details contained in the printed documents or the short
messages (SMS) sent to clients. Whenever such information is demanded by any servicing
officer, an alarm should be raised and such a victim to requesting for personal information must
face the law. Since such activities can be done by external experts in the field of hacking,
firewalls must be set as the alternative was of securing user information and creating confidence
among clients. The concern should extend to regular checks that can help in handling fraud
cases. All available security measures must be issued and guided to cardholders to help protect
their funds.



Firewall Installation Configuration
Firewalls are partitions of a web network or route where penetration is only allowed to
certain approved commands from specific people. Taking an example of a salesperson, they only
have access to stock levels but have no power of the modification of such information. Despite
wanting to have an updated list of available stocks, the installation of firewalls to such systems
helps in the protection of user information. For example, fraudulent activities are undertaken by
criminals where they can make a trace of a person’s card number and password without making a
request from the owner (Zawoad, Dutta, & Hasan, 2016). The firewall configuration should
ensure non-una...

flag Report DMCA

Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didnt specify. Got a B+ which is believable and acceptable.

Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors