Your employer is preparing their Self-Assessment Questionnaire to ensure compliance with a security standard designed to protect payment cardholder data. You have been asked to take a lead role in the effort. What is the security standard you need to be familiar with in order to contribute?
- FISMA
- ISO 27001
- PCI DSS
- HIPAA
Added by Tyler G.
Step 1: Identify the context of the Self-Assessment Questionnaire, which is focused on protecting payment cardholder data.
Option 1
The Department of Defense Directive (DoDD) 8140 (formerly 8570) provides guidance and procedures for training, certification, and management of all government employees who conduct information assurance functions in assigned duty positions. In some career positions, DoDD 8140 impacts those with access to DoD information systems performing assurance (security) functions. As an independent contractor considering a move into the DoD contract arena, discuss additional considerations you would add to your compliance plan to meet DoD requirements. Assess the pros and cons of adding DoD contracts to your portfolio.

Option 2
Research the NIST Special Publications website and provide a list of 800-series publications that address the following regulatory and compliance requirements:
1. PCI DSS Compliance
2. HIPAA Compliance
3. Cloud Security Compliance
Note: There may be more than one 800-series publication associated with each. From the perspective of a CISO, provide a strategy you would use to ensure your company complies with all three regulations.
Your account has to undergo PCI DSS certification in order to reduce the scope and cost of assessment. Which of the following measures will you adopt?
You are the cybersecurity analyst for a retailer that is considered a Tier 1 merchant (the highest) under PCI DSS. Your company wants to migrate to the cloud, specifically Amazon Web Services (AWS). However, they aren't sure how to maintain their PCI compliance once they do that. They know that AWS operates on a Shared Responsibility Model, but they are fuzzy on the details. The link explaining this model is below. There are twelve requirements within the standard, with each requirement having multiple sub-requirements, so this project is daunting. Given the work involved, they have hired an outside consultant to perform this effort, and he has gone through the first six requirements. However, he has fallen ill, so your boss has asked you to go ahead and research the seventh and eighth requirements. Requirement 7 is "Restrict access to cardholder data to business need to know" and Requirement 8 is "Assign a unique ID to each person with computer access." Your task is to locate the PCI DSS 3.2.1 on AWS Compliance Guide on the AWS website, go down to Requirements 7 and 8, and look at each sub-point to determine who is responsible for what. Document what AWS is responsible for, what your company is responsible for, and what options exist within AWS (like the AWS Marketplace) to help your company be compliant.
- Answer includes AWS Cognito.
- Answer includes Amazon RDS Identity Federation.
- Answer includes IAM Federation Services.
- Answer includes IAM roles.
- Answer includes AWS Directory Service.