Main Goals of Payment Card Industry Data Security Standard
Main Goals of PCI DSS
- Build and maintain a secure network that is PCI compliant.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain an information security policy.
GOAL 1: Build and maintain a secure network that is PCI DSS compliant
All merchants must protect cardholder information by installing a firewall and a router system.
- Install, configure, and maintain a firewall system to maintain control over the organization’s network, and use a router device to connect networks, so that you are a PCI compliant merchant.
- Next, execute the following steps:
- Perform testing when configurations change.
- Identify all connections to cardholder information.
- Review configuration rules every six months.
- Change all default passwords. Default passwords are provided when software is installed; they are discernible and can be easily discovered by hackers.
GOAL 2: Protect cardholder data
- Cardholder data is any personal information about the cardholder that is found on the payment card and can never be saved by a merchant.
- Merchants can only display a maximum of the first six and last four digits of the primary account number.
- All information must be encrypted when transmitting data across public networks, such as the Internet, to prevent criminals from stealing the personal information during the process.
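The display rule above (at most the first six and last four digits of the primary account number), as an added example that is not part of the original page: a Python sketch that masks PANs in text and flags log lines still carrying a full one. The 13-19 digit length range, the Luhn checksum filter, the function names and the sample log lines are assumptions of this example.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# not adjacent to other digits or to '*' (already-masked values are skipped).
PAN_RE = re.compile(r"(?<![\d*])\d(?:[ -]?\d){12,18}(?![\d*])")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, mask the rest."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("expected 13-19 digits")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def mask_text(text: str) -> str:
    """Mask every Luhn-valid PAN found in free text; leave other numbers alone."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(repl, text)

def find_unmasked(lines):
    """Return 1-based line numbers that still contain a full PAN."""
    return [n for n, line in enumerate(lines, 1) if mask_text(line) != line]

# Constructed sample log lines; the card numbers are public test values.
SAMPLE_LOG = [
    "2024-01-15 10:22:31 auth ok pan=4111111111111111 amt=12.50",
    "2024-01-15 10:22:40 auth ok pan=411111******1111 amt=8.00",
    "2024-01-15 10:23:02 refund card 5500-0000-0000-0004",
    "2024-01-15 10:23:09 order_ref=1234567890123456 shipped",
]

if __name__ == "__main__":
    for n in find_unmasked(SAMPLE_LOG):
        print(f"line {n}: {mask_text(SAMPLE_LOG[n - 1])}")
```

The Luhn filter keeps the 16-digit order reference on the last sample line from being treated as a card number, which is the usual source of false positives when scanning logs for PANs.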
GOAL 3: Maintain a vulnerability management program
- Computer viruses make their way onto computers in many ways, but mainly through e-mail and other online activities.
- Viruses compromise the security of personal cardholder information on a merchant’s computer, and therefore antivirus software must be present on all computers associated with the network.
- Even with antivirus software installed, computers are also susceptible to breaches through the applications and systems installed on them.
- Merchants must install vendor-provided security patches within a month of their release to avoid exposing cardholder data.
GOAL 4: Implement strong access control measures
- As a merchant, you must limit the accessibility of cardholder information.
- Set up passwords and other security measures to limit employees’ access to cardholder data.
- In order to trace employees’ activities when accessing sensitive information, assign each user an unreadable password used to access the cardholder data.
- Monitor physical access to cardholder data; secure printed as well as digital information so that unauthorized persons have no opportunity to retrieve it.
- Maintain a visitor log and save the log for at least three months.
GOAL 5: Regularly monitor and test networks
- Keep system activity logs that trace all activity; review the log daily for security breaches.
- The information stored in the logs is useful in the event of a security breach to trace employee activities and locate the source of the violation.
- Each quarter, use a wireless analyzer to check for wireless access points to prevent unauthorized access.
- Also, scan internal and external networks to identify any possible vulnerable areas in the system.
- Install software to recognize any modification by unauthorized personnel.
GOAL 6: Maintain an information security policy
- Establish a security policy that covers all PCI DSS compliance requirements and includes annual procedures to recognize any security breaches and day-to-day security policies.
- Perform background checks on potential employees and educate new and current employees about the compliance regulations.
Additional Information
- To become PCI compliant, you need to complete a questionnaire. This questionnaire consists of yes-or-no questions about your current processing service practices.
- Ensure all of your personal identification number (PIN) entry devices are PCI compliant.
- Merchants must install certified PCI compliant payment software on their terminal.