
In this project you will look up the PCI-DSS control objectives on the Internet


Question

In this project you will look up the PCI-DSS control objectives on the Internet and see which ones TJX did not comply with.

Source: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update antivirus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Your answer should total between 600-800 words, in a Word compatible document, and have proper attention to formatting, spelling, grammar, and punctuation.

Explanation / Answer

PCI DSS is the worldwide information security standard embraced by the payment card brands for all substances that process, store or transmit cardholder information or potentially delicate verification information. It consists of steps that mirror security best practices. It provides six control objectives, which are as follows:

1. Build and maintain a secure network

2. Protect cardholder data

3. Maintain a vulnerability management program

4. Implement strong access control measures

5. Regularly monitor and test networks

6. Maintain an information security policy

Retail monster TJX, the parent organisation of T.J. Maxx, Marshalls and a few different retailers, affirmed Wednesday that credit- and platinum card data on no less than 45.7 million of its clients was stolen in 2003.

In spite of the fact that TJX said 75 percent of the cards had either terminated or had conceal attractive stripe information at the season of the burglary, the episode speaks to the biggest Visa robbery in history and, by and by, features the results for organisations that don't do what's necessary to secure cardholder information.

The 45.7 million number alludes to cards that were traded off from January 2003 to November of that year, and TJX didn't give appraisals to the ensuing half year time frame, which proposes that the genuine number of bargained cards could be higher.

"Generously all stolen information from these periods were erased in the conventional course of business consequent to the trusted burglary however before disclosure of PC interruption," as indicated by the documenting.

TJX conceded that it might never know the full extent of the break as a result of the advanced methods that the programmers used to cover their tracks.

While TJX had introduced concealing and encryption innovation on its Framingham framework, the criminals could steal Mastercard data amid the exchange endorsement process, in which information is transmitted to installment card backers without encryption, as indicated by the recording.

Aggressors additionally approached the decoding device for the encryption programming that TJX had introduced to ensure the Framingham framework, the organization said. "Because of the innovation used by the interloper, we can't decide the nature or degree of data incorporated into these documents," as per the recording.

TJX said it doesn't know the degree of misrepresentation identified with the break, in spite of the fact that Florida specialists not long ago charged six individuals regarding utilizing Visa numbers from the TJX rupture to falsely purchase more than $8 million in products from Wal-Mart stores in that state.

TJX likewise uncovered that it's being sued by a few banks and different people regarding the rupture, and the organization proposed that installment card organizations and affiliations, for example, Visa and MasterCard, may try to impose fines because of the robbery.

Since the rupture was declared in January, specialists have estimated that TJX could confront substantial fines from card organizations for shamefully putting away client information on its systems, infringing upon the Payment Card Industry Data Security Standard (PCI DSS).

Be that as it may, regardless of the possibility that information is encoded and assailants approach the disentangling instrument, at that point PCI won't help, said Barry Johnson, chief of hazard moderation at igxglobal, a Rocky Hill, Conn.-based arrangement supplier.

PCI would become an integral factor in the TJX occurrence as far as what get to controls TJX had set up to confine access to the information, as indicated by Johnson. "It's awesome that they had encryption on the framework, however there's no reason somebody ought to have possessed the capacity to get to that database in any case," he said.

TJX found that its frameworks had been traded off by obscure aggressors on Dec. 18, 2006, and the organization promptly employed occurrence reaction groups from General Dynamics and IBM to help with the examination.

The examination found that gatecrashers initially softened into TJX's frameworks in July 2005 and did as such again from mid-May 2006 to mid-January 2007. Be that as it may, TJX said no client information was stolen after the rupture was found on Dec. 18, 2006.
