The PCI DSS Statements
The PCI DSS statements below apply to all Red Clay Renovation employees at Baltimore MD, Philadelphia PA, Wilmington DE, and Owings Mills locations.
PCI DSS Regulatory Requirements
PCI DSS is not a law but an international standard for handling transactions involving payment cards. Any organization that accepts American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide, or VISA International cards as part of its payment system must comply with the PCI DSS v2.0 standards. The standards include requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures (Solomon & Kim, 2014). E-commerce systems and applications demand strict Confidentiality, Integrity, and Availability (C-I-A) security controls.
Management of PCI DSS
PCI-regulated systems are those that support the business's processing of credit cards and other payment mechanisms and are therefore subject to the regulations of the payment card industry (PCI). These systems must be protected, and their security audited, according to PCI guidelines (Donaldson, Siegel, Williams, & Aslam, 2015). Red Clay Renovations should state in its Cybersecurity Audit Objective that its systems are protected as required by Payment Card Industry (PCI) standards. The audit should confirm that customer data is not being inappropriately accessed, that the integrity of financial transactions in the system is being maintained, and that the availability of the company's web applications is not being impaired (Donaldson, Siegel, Williams, & Aslam, 2015).
PCI DSS Compliance
PCI DSS compliance is a prerequisite for doing business with any of the credit card organizations. If Red Clay Renovations violates the PCI DSS standards, it could lose its ability to process payment cards; non-compliance usually results in fines and revocation of processing privileges (Solomon & Kim, 2014).
PCI DSS Objectives
Red Clay Renovations must build and maintain a secure network; protect cardholder data and encrypt all credit card transmissions across public networks; maintain a Vulnerability Management Program; implement and monitor strong access control measures; and maintain an Information Security Policy (Solomon & Kim, 2014).
The Rules for PCI DSS
The rules that apply depend on the number of payment card transactions the organization processes. Organizations that handle large volumes of transactions must have their compliance assessed by an independent Qualified Security Assessor (QSA). Organizations that handle smaller volumes of transactions can choose to self-certify using a PCI DSS Self-Assessment Questionnaire (SAQ). The standard consists of 12 requirements organized into 6 groups (Kim & Solomon, 2014).
References

Donaldson, S. E., Siegel, S. G., Williams, C. K., & Aslam, A. (2015). Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. New York: Apress.
Kim, D., & Solomon, M. G. (2014). Fundamentals of Information Systems Security (2nd ed.). Burlington: Jones & Bartlett Learning.
Solomon, M. G., & Kim, D. (2014). Fundamentals of Information Systems Security (2nd ed.). Burlington: Jones & Bartlett.