Description
This is the Group 8 project (please read the attached document fully and then scroll down to the Group 8 section).
This group will research and discuss the sixth and final “control objective” and its numerous requirements:
6. Maintain an Information Security Policy
a. Maintain a policy that addresses information security for all personnel
Add additional information and address the above questions related to PCI DSS in general words.
In general scenario, please explain information security policy related to PCI DSS
After learning about the history and context, and having Groups Three through Eight discuss
the PCI substantively, we now can become thoughtful analysts. The last section of the work
will compare, contrast, and opine about PCI DSS.
We need to cover how merchants/small businesses maintain information security under the Payment Card Industry Data Security Standard (PCI DSS).
A few real-time examples.
8 to 10 pages (No plagiarism)
Proper APA with citation (5 to 6) in alphabetic order.
PPT 8 slides.
Explanation & Answer
Payment Card Industry Data Security Standard (PCI DSS) Outline
1. Information Security Policy Relation to PCI DSS
2. Policy That Addresses Information Security for All Personnel
3. Intellectual Property Law
4. Black’s Law Definition
5. IP Examination
6. Patents
7. Trademarks
8. Trade Secrets
9. Copyrights
10. Conclusion
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)
Name
INFORMATION SECURITY POLICY RELATION TO PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) is an information
security standard.
The aim of PCI DSS is to increase control of data related to cardholders as
a way of reducing credit card fraud.
PCI DSS has been faced with various security breaches resulting in the need
to improve the information technology standards.
The construction and maintenance of a secure network and system are done
due to various requirements, for security purposes.
POLICY THAT ADDRESSES INFORMATION SECURITY FOR ALL PERSONNEL
The PCI program is a safety policy which covers the way an organization
addresses the Payment Card Industry Data Security Standard (PCI DSS)
requirements.
An organization is expected to create the procedures that the policy will
follow in addressing the concerns of PCI DSS.
The company has to conduct security awareness, where PCI DSS requires a
security awareness program to be made.
INTELLECTUAL PROPERTY LAW
The council in charge of PCI DSS has adopted the Intellectual Rights Policy
which helps in minimization of the possibility of inadvertent infringement of
the intellectual property rights by third parties or the implementation of any
Council Standards.
It applies to the organizations joining the Council, where an agreement is
made so that every participant is bound by the policy.
The members have to be controlled by one member, and everything has to
conform to the established rules.
Licensing commitment has to be done by all participants with the provision
of a license and making a covenant where no Necessary Claims shall be
asserted.
BLACK’S LAW DEFINITION
The service provider is required to comply with certain laws, regulations,
specifications, and guidelines related to the business process.
When regulatory compliance has been violated, the results include legal
punishment such as federal fines.
Payment Card Industry Data Security Standard regulatory compliance law is
used by the organizations dealing with cardholder data.
These rules and guidelines in companies dealing with cardholder data are
essential in the provision of guidance to help the organizations in achieving
their business goals.
IP EXAMINATION
One of the requirements of Payment Card Industry Data Security Standard is
ensuring that the IP address of the company is protected to make sure that it
cannot be tracked or accessed by unauthorized people.
Cybersecurity technology has advanced, allowing malicious people
to access the IP addresses of people from different places, thus accessing
personal information.
Payment Card Industry is facing the same issue with fraudsters being able to
hack the companies’ information despite their physical location.
The government initiatives and regulations implemented cannot achieve
data protection for the cards.
PATENTS
Patent rights are achieved after a legal agreement known as the License
Agreement is made with the PCI Security Standards Council.
The patent is awarded to the copyright owner as stated under the Agreement,
thus making the person liable.
When the license has been provided, the owner is not allowed to modify or
sublicense the material.
When someone decides to implement the license, they have to define the
element that is required to be changed, the necessary claims, necessary
infringement and end user.
TRADEMARKS
Trademarks are logos used by companies for recognition purposes.
The trademarks are unique as there are no two companies that can be
recognized with the same sign.
The different cards are made in a way that they can be recognized with their
logo.
The sign used by MasterCard is different from that used by Visa.
TRADE SECRETS
PCI DSS requires service providers and merchants to maintain their trade
secrets.
It means that all sensitive data has to be protected at all costs.
Hackers aim at attacking systems which are poorly protected so that
they can access payment data and commit card payment fraud, and
current technologies have made this easier.
There are penalties for not maintaining trade secrets, such as liability to foreign
investigations.
COPYRIGHTS
Copyright describes the legal rights that have been assigned for some years by
the original owner for application purposes.
The Payment Card Industry has been allowed to use the data security
standards.
It means that the service providers have the right to use the security policies
to ensure that all requirements of protecting the card data are done.
CONCLUSION
Fraud involving cards has been on the rise.
It is due to the sophistication in technologies allowing hackers to access
sites that are not secure and to access personal information. Payment Card
Industry Data Security Standard has, however, helped to reduce the issue.
It has resulted in the formation of compliance that service providers should
follow to ensure securing of cardholders as well as securing the network sites
to avoid external attacks.
REFERE...