Payment Card Industry Data Security Standard Paper
In Module Three, you became familiar with the various laws related to IT governance and compliance. In addition to these laws, several industry standards and guidelines exist that outline specific security controls. Most of these standards are optional, but some are mandatory for certain sectors.
A standard described in the course textbook, Managing Risk in Information Systems, is the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is mandatory for businesses that process and store credit card transactions. It was introduced to strengthen the security controls and data-protection requirements that apply to credit card data, and it was developed with input from the major credit card companies, such as American Express, Visa, and MasterCard, and the banking industry.
The main objective of PCI DSS is to secure the following key credit card data:
Credit card number
In Module Two, you were introduced to Fertilizer Plus and its IT environment. The company’s senior management has recently decided to accept credit card payments from its customers, both at store locations and through online transactions. This decision makes meeting PCI DSS objectives and requirements a necessary consideration, because the company will have to validate its compliance to the organizations that enforce the standard. As an IT professional at the company, you are asked to identify appropriate best practices for PCI DSS, specific to the company’s IT environment, and make recommendations to IT management.
Here are your tasks:
Identify the interactions between the objectives and requirements of PCI DSS and Fertilizer Plus’s IT environment.
Determine appropriate best practices to implement when taking steps to meet PCI DSS objectives and requirements.
Prepare a brief report of your findings for IT management to review.