Premium Essay

Lab #3: Case Study on Pci Dss Non-Compliance: Cardsystems Solutions

In: Computers and Technology

Submitted By paulsbarnes88
Words 559
Pages 3
1. Did CardSystems Solutions break any federal or state laws? Yes, they did, because they did not follow the PCI DSS compliance requirements.

2. CardSystems Solutions claims to have hired an auditor to assess compliance with PCI DSS and other best practices for ensuring the C-I-A of privacy data for credit card transaction processing. Assuming the auditor did indeed perform a PCI DSS security compliance assessment, what is your assessment of the auditor's findings? Either the auditor did not perform a full audit of the company, or the company showed him only the parts it wanted him to see, so that it would pass and could keep operating without prying eyes.

3. Can CardSystems Solutions sue the auditor for not performing his or her tasks and deliverables with accuracy? Do you recommend that CardSystems Solutions pursue this avenue? They did not. If CardSystems had credibility on its side, then yes, it should sue; but if the company itself is at fault, it is the one that will end up on trial in civil court.

4. Who do you think is negligent in this case study and why? Both the company and the auditor, because neither did their job to the fullest extent, and it cost the company.

5. Do the actions of CardSystems Solutions warrant an "unfair trade practice" designation as stated by the Federal Trade Commission (FTC)? Yes, because they did not comply with the standards that were put before them.

6. What security policies do you recommend to help with monitoring, enforcing, and ensuring PCI DSS compliance? They should have had firewalls in place with monitoring built in, their website should have been watched much more closely, and they should have run antivirus to protect their servers. They should also have blocked all FTP ports.

7. What security controls and security countermeasures do you recommend for CardSystems Solutions to be in compliance with PCI DSS requirements? See 6.

8. What was the end result of the…...
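The recommendations above stop at firewalls, antivirus and FTP; the control the case actually hinges on is whether cardholder data sits in storage unencrypted, which is what an audit should have found. As an added example (not part of the submitted essay, and not tooling from CardSystems, its auditor or the PCI Council), the following Python scanner shows the kind of check an assessor or the company's own security team can run over logs, database exports or files to find primary account numbers (PANs) stored in the clear. It matches 13 to 19 digit runs, drops candidates that fail the Luhn check so order numbers and other digit strings do not produce false positives, and reports each hit masked to the first six and last four digits, the most PCI DSS permits to be displayed. The sample lines are constructed for the example and use publicly documented test card numbers, not real accounts.

```python
import re
from typing import Iterable, List, Tuple

# Candidate PAN: 13-19 digits, optionally separated by single spaces or
# dashes, and not embedded inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS Requirement 3 display rule: at most first six and last four digits visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, masked_pan) for every Luhn-valid PAN found in the clear."""
    findings: List[Tuple[int, str]] = []
    for line_no, line in enumerate(lines, start=1):
        for match in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append((line_no, mask_pan(digits)))
    return findings


# Constructed sample data standing in for a transaction log or database export.
# 4111..., 5555... and 3782... are the public test numbers for Visa, Mastercard
# and American Express; none of these lines come from any real system.
SAMPLE_LINES = [
    "2005-06-17 auth ok pan=4111111111111111 amount=19.99",        # cleartext PAN
    "2005-06-17 auth ok pan=5555 5555 5555 4444 amount=7.50",      # spaced PAN
    "2005-06-17 auth declined pan=3782-822463-10005",              # dashed 15-digit PAN
    "order_id=1234567890123456 status=shipped",                    # 16 digits, fails Luhn
    "pan=4111111111111112 note=bad checksum",                      # off-by-one, fails Luhn
    "pan=411111******1111 stored masked as permitted",             # already masked
    "phone=+1 555 0100 2345 callback requested",                   # too short
]


if __name__ == "__main__":
    for line_no, masked in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: cleartext PAN found: {masked}")
```

Point the scanner at a database dump or a log directory and treat every finding as a Requirement 3 violation to remediate at the source; because the output is already masked, the report itself can go into a ticket without creating a second copy of cardholder data.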

Similar Documents

Free Essay

The Pci-Dss Framework: Protecting Stored Cardholder Data

...The PCI-DSS Framework: Protecting Stored Cardholder Data. Wednesday, November 25th 2009. Contents: The PCI-DSS Framework: Protecting Stored Cardholder Data (3); Introduction (3); PCI-DSS Compliance (4); Solutions for Encrypting Data at Rest (4); Data Classification, an Alternative to Encryption (8); Building Policies and Procedures (12); Conclusion (12); References (14). Introduction: Payment cards, whether debit or credit cards, are an essential component of modern commerce. EMV-based cards have already helped improve the security of millions of bank cards throughout the world, giving even more people the confidence to make payments. But there are other security concerns associated with bank cards. (Card Technology Today, 2009) Globally, debit and credit cards are used for a wide variety of payments, with Internet card payments increasing significantly in recent years. However, with this growth in Internet-based transactions has come an increase in stories related to Card Not Present (CNP) fraud via Internet channels. (Laredo, 2008) The proliferation of fraud and identity theft cases has put the Payment Card Industry (PCI) on the offensive front lines. (Morse and Raval, 2008) American Express, Discover, JCB, MasterCard, and Visa have joined forces and formed the PCI Security Standards Council, an......

Words: 3961 - Pages: 16

Premium Essay

Pci Case Study

...INTRODUCTION This case discusses issues in the purchasing system of a manufacturing company, Penda Cable Industries Berhad (PCI). The issue started in February 2008 when the newly appointed Managing Director of PCI Sdn Bhd, En Ghani, reviewed the 2007 Financial Report and found that there had been recent increases in cost of goods sold and inventories. The rate of increase in cost of goods sold had been disproportionate to the growth in sales. En Ghani was informed that one of the reasons for the increase in cost was the current purchasing system, which contributes to redundant purchasing and high inventory holding costs. Siti Aminah, the Chief Financial Officer, was asked to review the current purchasing system, and she suggested the need to implement a new computerized purchasing system that would help relieve some of its manual operations and at the same time ensure it has the proper controls in place. En Ghani requested a formal report on the current purchasing system and a suggestion for a new system before the next management meeting, which would be in two weeks' time. En Ghani assigned Siti Aminah to the special task instead of the senior Chief Production Officer, and she did not have any experience in systems and technology. The new system must be able to reduce costs, enhance control and provide easy management of users and services in qualitative and quantitative ways. CHARACTER 1. ENCIK GHANI The newly appointed Managing Director of Penda Cable Industry Berhad, who......

Words: 722 - Pages: 3

Free Essay

Pci Case Study

...1. Introduction: Chicken run. This case is about a small and medium sized enterprise (SME), Excel Poultry & Meat Sdn Bhd (EPM). Since 2005, EPM has been a subsidiary of PCK Holding. Encik Selamat, a Certified Public Accountant (CPA), had been the General Manager of this company, which is located in Kluang, Johor. This case shows that EPM faces management, production, financial and internal control problems. Besides that, the case also shows the conflict between the General Manager and the main debtors of the company. Since 2008, the company has faced poor financial performance because of a lack of internal control. Other than that, the case also shows the external factors in the production process that caused the "chicken run" crisis. Excel Poultry & Meat Sdn Bhd (EPM) was established in 1998 as a small and medium sized enterprise (SME). EPM started its business with an initial capital of RM 3.6 million and twenty (20) employees. Its core business is chicken farming and supplying to various outlets in Malaysia such as hypermarkets, restaurants, hospitals, hotels and university colleges. Currently EPM has more than two hundred (200) employees and has started positioning itself among the top five (5) chicken suppliers in the mid-tier producers in the country. SMEs are very important for Malaysian economic growth, so we need to make sure our SMEs have excellent management of their financial and internal......

Words: 2992 - Pages: 12

Premium Essay

Pci Case Study

...Pci, case study, mia case study INTRODUCTION The issue started in February 2008 when the newly appointed Managing Director of PCI Sdn Bhd, En Ghani, reviewed the 2007 Financial Report and found that there had been recent increases in cost of goods sold and inventories. The rate of increase in cost of goods sold had been disproportionate to the growth in sales. En Ghani was informed that one of the reasons for the increase in cost was the current purchasing system, which contributes to redundant purchasing and high inventory holding costs. Siti Aminah, the Chief Financial Officer, was asked to review the current purchasing system, and she suggested the need to implement a new computerized purchasing system that would help relieve some of its manual operations and at the same time ensure it has the proper controls in place. En Ghani requested a formal report on the current purchasing system and a suggestion for a new system before the next management meeting, which would be in two weeks' time. En Ghani assigned Siti Aminah to the special task instead of the senior Chief Production Officer, and she did not have any experience in systems and technology. The new system must be able to reduce costs, enhance control and provide easy management of users and services in qualitative and quantitative ways. CHARACTERS En Ghani: the newly appointed Managing Director of Penda Cable Industry Berhad, who reviewed the past year's Financial Report and asked for a formal report from Siti......

Words: 1018 - Pages: 5

Free Essay

Pci for Dummies

...Compliments of Qualys. PCI Compliance For Dummies, Qualys Limited Edition, updated for PCI DSS Version 2.0: Secure and protect cardholder data. By Sumedh Thakar and Terry Ramos. A John Wiley and Sons, Ltd, Publication. PCI Compliance For Dummies® Published by John Wiley & Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England. Email (for orders and customer service enquiries): cs-books@wiley.co.uk. Visit our Home Page on www.wiley.com. Copyright © 2011 by John Wiley & Sons Ltd, Chichester, West Sussex, England. All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London, W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, England, or emailed to permreq@wiley.com, or faxed to (44) 1243 770620. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com......

Words: 15012 - Pages: 61

Premium Essay

Pci Dss

...PCI DSS and the Seven Domains. A business that is entering the web business and gaining the ability to receive payment from credit cards must now comply with standards that secure all of the customers' information from misuse and inappropriate access by unauthorized persons. To do this, some logical approaches and best practices have been proven to help a business meet the PCI DSS standards. These best practices start with a simple installation of a firewall that isolates the business' network from unauthorized outside access to the customers' information. Also, make sure that all default settings on the network are changed, as the default information is a generally known value and makes security easy to bypass if not changed. (Gibson, 2011) These are generally good practices for security on any network anyway, but definitely a good start to achieving the PCI DSS standard. Once these measures are taken, it is important to protect the data that you are using from the customer to complete a purchase. The best way is to set up access control measures within the LAN and to make sure that the LAN-to-WAN interface is protected by a firewall. When using the information for authorization outside of the LAN environment, it is important to protect the information by encrypting the data being sent to the authorizing entity. By doing this you can further protect the information stored at your business from unwanted access and viewing. Within the business......

Words: 504 - Pages: 3

Free Essay

Pci-Dss

...Compliance Law and Regulations Related to IT. Any establishment that sells food and alcohol requires strict compliance with several federal, state, and local laws; however, this section relates to Information Technology (IT) specific compliance and regulations. Because Beachside Bytes Bar and Grill will be accessing and storing sensitive information from customers and employees, guidelines, laws, and policies have been established to ensure that the privacy of such information is secure. Only those authorized to view, change, or remove such data must be fully authenticated through proper procedures. In addition, established protocols and encryption methods must be used to access database information via the Internet. This section of the report will address these and other challenges related to IT privacy and security. PCI DSS (Payment Card Industry Data Security Standard) is an information security standard that was created through a joint effort of the major credit card companies in 2004. Its purpose is to create controls that reduce credit card fraud. The standard is built around 6 principles and 12 requirements. It is assumed that Beachside Bytes intends to accept credit cards as a form of payment and must therefore comply with the following principles. The first principle, "Build and Maintain a Secure Network", is enforced through 2 requirements: (1) install and maintain a firewall, and (2) do not use vendor defaults (e.g. passwords). Firewalls create a single point of......

Words: 1244 - Pages: 5

Premium Essay

Lab 3 Assessment Questions Is3350

...1. Did CardSystems Solutions break any federal or state laws? • The Federal Trade Commission issued a decision and order against CardSystems Solutions and its predecessors as a result of negligence and violation of the FTC Act, 15 U.S.C. §§ 41-58. 2. CardSystems Solutions claims to have hired an auditor to assess compliance with PCI DSS and other best practices for ensuring the C-I-A of privacy data for credit card transaction processing. Assuming the auditor did indeed perform a PCI DSS security compliance assessment, what is your assessment of the auditor's findings? • If they had been compliant they would have implemented proper IPS/firewalls and maintained their anti-virus program definitions. They were also required to encrypt all stored sensitive privacy data. 3. Can CardSystems sue the auditor for not performing his or her tasks and deliverables with accuracy? Do you recommend that CardSystems Solutions pursue this avenue? • No, because they were PCI DSS compliant in 2004 but were not certifiably compliant at the time of the attack in June of 2005. 4. Who do you think is negligent in this case study and why? • CardSystems. Given their high profile, they were expected to be in compliance for properly storing and protecting all privacy data, including gathered transactions and credit card information of their clientele, in an encrypted manner. 5. Do the actions of CardSystems warrant an "unfair trade practice" designation as stated by the Federal Trade Commission (FTC)? • Yes,...

Words: 649 - Pages: 3

Free Essay

Cis 554 Case Study 1 Week 3 Solution – a Graded Work

...CIS 554 Case Study 1 Week 3 Solution – A Graded Work. Follow the www.hwmojo.com link below to purchase the solution: http://www.hwmojo.com/products/cis554-case-study-1 Email us if you need help with anything else: Support@hwmojo.com. CIS 554 Case Study 1: Reaching Success through Best Project Management Practices. Due Week 3 and worth 80 points. Read the following articles: 1. "OPM3® Case Study: OPM3 in Action: Pinellas County IT Turns Around Performance and Customer Confidence". Note: The article in PDF format can be found in the online course shell. 2. "IT project management and virtual teams". SIGMIS CPR '04 Proceedings of the 2004 SIGMIS conference on Computer personnel research: Careers, culture, and ethics in a networked environment, pages 129-133. Note: This article can be found in the ACM Digital Library.
Please follow the steps below to access the ACM Digital Library: Log in to iCampus at http://icampus.strayer.edu/login. From iCampus, click STUDENT SERVICES >> Learning Resources Center >> Databases. Scroll down to "Information Systems/Computing"; the ACM Digital Library is below the heading. 3. Write a two to three (2-3) page paper in which you: identify the common challenges that exist within IT projects based on the first article; highlight the best practices that could be linked to the successful performance of IT project teams; determine at least three (3) challenges that exist when working with virtual teams based on the...

Words: 536 - Pages: 3

Premium Essay

Abott Labs Case Study

...Contents: Executive summary (3); Introduction (5); Section 1 - Environment/Industry analysis (5); Section 2 - Company Description (7); Section 3 - Financial analysis (8); Section 4 - Marketing Strategy (10); Section 5 - Use of Information Technology (11); Section 6 - Ethical/Environmental Issues (12); Conclusion (13). Executive Summary: In 2001 Abbott was assessed by Jim Collins in his book "Good to Great" and deemed a worthy investment. Eleven years later Abbott has sustained that high level of performance as a producer in the healthcare and pharmaceutical industry. This performance can be attributed to its consistent financial growth over its competitors. The company competes in the healthcare industry, producing pharmaceuticals, medical devices and nutritional products. Abbott is among several large companies that have dominated the industry for about half a century. Abbott has experienced a consistent increase in revenue over the past five years. Due to recent acquisitions, the company has had increasing operating costs, but stable profits. Notable financial risks of the company are its smaller product pipeline and smaller cash cushion compared to competitors. Abbott Labs' marketing branch is what......

Words: 4430 - Pages: 18

Free Essay

Pci Dss Compliance

...PCI DSS compliance means providing a safe place for your customers to do business with us, either online or within our brick and mortar location. Maintaining this compliance will give your network a chance to avoid the publicity nightmare that has affected so many other organizations, like Home Depot and J.P. Morgan Chase. As part of being PCI DSS compliant, organizations must carry out risk analysis. For any organization to handle its network security risk, it is important to understand the three important areas of a risk analysis: confidentiality, integrity, and availability. Confidentiality is all about letting only the allowed personnel have access to sensitive information and keeping private information private. Unsecured networks, malware, and even social engineering are all types of attacks that can compromise that important data. But intruders' use of stolen credentials is topping the charts and has been a top ten issue for several years now. It has also been increasing in the number of cases in recent years, and this attack accounted for 422 cases in 2013. Whether it comes from a Point of Sale (POS) interaction or a Web application attack, the best defense is a strong password. A password should not be written down or be found in a dictionary, but should consist of upper and lower case letters with numbers and special characters mixed throughout (Verizon DBIR, 2014). Integrity is ensuring that the information and......

Words: 623 - Pages: 3

Free Essay

Pci Dss

...INTRODUCTION TO PCI-DSS COMPLIANCE. Author: Nicholas Henry, April 2016. Table of Contents: 1. Abstract 2. History 3. PCI-DSS Overview 4. Understanding PCI-DSS Compliance 5. Achieving PCI-DSS Compliance 6. PCI-DSS in the IT Department 7. Negatives of PCI-DSS 8. Positives of PCI-DSS. Abstract: Around the world, consumer migration from traditional cash and check payments to electronic payment methods such as credit, debit or bank transfers continues to grow. In 2009 a survey found that less than 37% of all payments are now made using cash or check. While there are many benefits to this, there are also significant new issues introduced as a result. As customers use electronic payment methods, there is an expectation of security for the cardholder's identity and payment information. With all the recent data theft and security breaches, this is becoming a significant issue. To ensure the protection of consumer information, the Payment Card Industry, or PCI, developed a set of data security standards (DSS) that merchants and financial service providers must maintain to be able to process debit and credit cards. While PCI does not manage compliance or impose consequences for non-compliance, individual card associations may impose financial and operational penalties on businesses that are non-compliant.......

Words: 4052 - Pages: 17

Premium Essay

Case Study 3

...Case study 3. Procurement is a part of supply chain management. The main duty of procurement can include managing resources in productive firms, which can be complex. It is not only about purchasing, but also ordering and storage (Tumuhairwe and Ahimbisibwe 2016). However, none of this is possible if the company has no customers or partners to do business with. The key factor that keeps the business going is making contracts with customers or business partners. This essay will analyse the case study and provide suitable solutions to all the issues. Contracts in business are significant for keeping the relationship between firms and partners where it should be. Contract management can be defined as the control of contracts between a company and its customers or partners (Lee, Lin and Pasari 2014). In order to create a business contract, all participants should consider relevant factors such as creation, negotiation, adherence, service level agreements, managing changes, documenting and analysing (Tumuhairwe and Ahimbisibwe 2016). According to the case study, there are two contracting parties, the police and Maybury Security Ltd (MSL), as well as several sub-contractors in different areas including facilities management, building construction, software development, data centre management and systems integration. The issue arose from a failure of MSL's contract, because contractual performance was not attained......

Words: 753 - Pages: 4

Free Essay

Pci Dss Security Policy Template

...P01 - Information Security Policy. Document Reference: P01 - IS Policy. Document Status: Final. Version: 1.0. Revision History. Table of Contents: 1. Policy Statement (3); 2. Review and Update of the Policy Statement (3); 3. Purpose (3); 4. Scope (3); 5. Information Security Framework (3); 5.1. Reporting Structure for the Business (3); 5.2. Associated Teams (4); 5.3. Annual Policy Review (4); 5.4. Policy Breaches (4); 5.5. Individual Policies ......

Words: 1892 - Pages: 8

Free Essay

Overview of Pci Compliance Methodology

...PCI DSS Methodology. Phase 1: Identifying the Current State. Objective: identify the elements the organization currently has in place which act as enablers for compliance with the PCI standard. Information requirements: technology platform; policies and standards; processes; suppliers; responsible parties; organization chart; stored card data; other. Phase 1 activities. Phase 2: Gap Analysis. Objective: identify the current level of compliance with the various controls that make up the PCI standard. Information requirements: identification of the compliance requirements; report on the current state of compliance. Phase 2 activities. Phase 3: Definition of the Action Plan. Objective: establish the prioritized initiatives to close the compliance gap, defining activities with their owners and completion dates. Information requirements: compliance gap report; compliance objectives; prioritization of actions according to business requirements. Phase 3: Definition of the Action Plan, activities. Phase 4: Implementation of the Action Plan. Objective: implement the initiatives defined in the program on time and as planned, ensuring closure of the identified gaps and generation of compliance evidence. Information requirements: implementation program; evidence......

Words: 255 - Pages: 2