Lab 3 Lab Questions
1. Did CardSystems Solutions break any federal or state laws?
The Federal Trade Commission presented a decision order on CardSystems Solutions and its predecessors as a result of negligence and violation of the FTC Act, 15 U.S.C. 41-58.
2. CardSystems Solutions claims to have hired an auditor to assess compliance with PCI DSS and other best practices for ensuring the C-I-A of privacy data for credit card transaction processing. Assuming the auditor did indeed perform a PCI DSS security compliance assessment, what is your assessment of the auditor’s findings?
If compliant they would have implemented proper IP stateful ...
What security controls and security countermeasures do you recommend for CardSystems Solutions to be in compliance with PCI DSS requirements?
Regularly test security systems and processes; encrypt transmission of cardholder data across open, public networks; use and regularly update antivirus software; update to dual firewall methods.
8. What was the end result of the attack and security breach to CardSystems and its valuation?
The FTC presented a decision order on CardSystems Solutions and its predecessors as a result of negligence and violation of the FTC Act, 15 U.S.C. 41-58.
9. What are the possible consequences associated with the data loss?
Identity theft, data theft… credit/debit card info stolen.
10. Who do you think is ultimately responsible for CardSystems Solutions' lack of PCI DSS compliance?
11. What should CardSystems have done to mitigate possible SQL injections and data breaches on their credit card transaction processing engine?
Keep their antivirus up to date, install patches when necessary, web application...