Payment Card Industry Data Security Standard v3.2

Payment Card Industry Data Security Standard v3.2 (PCI DSS v3.2) Name Business Information System Assignment 2 BISM7213 Date PCI-DSS Overview The Payment Card Industry Data Security Standard (PCI DSS ) was first created in 2006 by a committee formed by the five main companies dedicated to preparing bank cards (American Express, Discover Financial Services, JCB International, MasterCard and VISA ), and has been updated through different versions, up to version 3.2, which is required application as of February 1, 2018. The security standard is applicable to companies that manage process and / or store data related to bank cards, and its main objective is to guarantee the security of operations and transactions carried out through bank card information, thus avoiding fraud and fraud. Updates on version 3.2 are necessary as they are considered good practices and recommendations to improve bank card security. Companies handling bank card data including storing and transmitting data must comply with the requirements set by the PCI DSS standard, and these standards are reviewed (Security Standards Councils, 2016). Compliance with the standard helps to safeguard the data of cardholders and prevent fraud. If there is no need for storing card authentication data within the web , e-commerce platforms and the logs of the system, then these transactions would have been outsourced to third parties, which guarantee the PCI-DSS standards are met. PCI DSS standard helps the entity improve security operations, but this also adds additional layer of complexity to and there is a need to have knowledge on the standards and information system. Aligning the changes with the environment also needs to be undertaken when there is consideration on impact on the operation and coverage of the affected environments (LECTURE-4, 2019, p. 12). Different entities are affected and how to improve security, while improving the maintenance of the controls of the standard is prioritized even as this may require that the IT staff spend more time finding about how the system works and how best to implement the standards. Configuring and keeping an updated, firewall will help to protect the users’ data and the web server proxy will also enhance security. Non-compliance attracts fines and is factored into the decision making process when adopting the standards. Firewalls, Proxies, IDS Since there is likely to be vulnerable servers and workstations that share card information across a network, firewalls, proxies and IDS are important to improve security. When there is a firewall this improves security to an appropriate level while allowing access to vital internet services. A firewall is a system or a group of systems that implement an access control policy between two or more network, which allows and blocks access depending on the source. However, this type of access control is not always effective to enhance company's security policy, as there are still risks, threats and vulnerabilities to the computer system. Adding a firewall between the ethernet and the servers will improve security as well as ethernet and the PCs is necessary to improve outcomes. It impossible to analyse all the packets that pass through the firewall and people using proxies, but det...