Practical Task

Uploaded by

AAAAAAA

0% found this document useful (0 votes)

10 views3 pages

Original Title

Practical task (1)

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

10 views3 pages

Practical Task

Uploaded by

AAAAAAA

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

Task № 5_1.

PCI DSS standard read and review.

The control objectives are implemented via 12 requirements, as stated at

https://www.pcisecuritystandards.org/pci_security/maintaining_payment_securi
ty:
Please, review this standard and understand this 12 requirements:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security
parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security for employees and
contractors.

Task № 1.
Match each this requirement with appropriate SANS critical control.

The answer:

PCI DSS requirement SANS Critical control

1 Install and maintain a firewall 13 Network monitoring and defense
configuration to protect cardholder
data.
2. Do not use vendor-supplied 5 Account management, 6 access
defaults for system passwords and control management, 4 Secure
other security parameters. configuration of enterprise assets and
software
3. Protect stored cardholder data. 3 Data Protection
4. Encrypt transmission of cardholder 13 Network monitoring and defense
data across open, public networks.
5. Use and regularly update anti-virus 10. Malware Defenses
software or programs.
6. Develop and maintain secure 7 Continuous Vulnerability
systems and applications. management, 8, 10, 11, 13, 17
7. Restrict access to cardholder data 6 Access Control management
by business need to know.
8. Assign a unique ID to each person Audit Log management, account
with computer access. management
9. Restrict physical access to Inventory and control of enterprise
cardholder data. assets
10. Track and monitor all access to Audit log management
network resources and cardholder
data.
11. Regularly test security systems Penetration testing, Data recovery
and processes.
12. Maintain a policy that addresses Security awareness and skills training
information security for employees
and contractors.

GDPR standard review and understand.

https://www.itgovernance.eu/blog/en/the-gdpr-understanding-the-6-data-
protection-principles

Task № 2.
One company providing service of Taxi.
They need to comply with GDPR standard.
Company collects such information: Name, Phone number and geolocation.
Combination of these data – is a personally identifiable information.
GDPR requirements:
1. End user’s information must be encrypted
2. Company must have a function to delete user information after his request.

We have a database in such view:

Name of client Phone number Location
//////////// ////////////// //////////
///////// /////////// ////////////

*//////////// -------- (encrypted form)

Which additional steps are necessary to implement?

The answer:
1. We need to add additional column – user id.
2. It is necessary to build the second database, which will have two
columns: 1 column with user id, the second column with phone number.
Database № 1
User id Name of client Phone number Location
1 ///////////// ////////////// //////////
2 ///////// /////////// ////////////

Database № 2.
User id Phone number
1 +7707777777
2

Combination user id with phone number – it is not a personally identifiable

information. So, we could store this information in clear text.
And we could find and delete person’s information after his request.

PCI-DSS Requirements Vs Security Controls
Document16 pages
PCI-DSS Requirements Vs Security Controls
Sherif_Salamh
No ratings yet
Compilance Details - PCI DSS
Document4 pages
Compilance Details - PCI DSS
Rihana Khatun
No ratings yet
20131119-Bader Security Operating Procedures-U-Logs4 PDF
Document4 pages
20131119-Bader Security Operating Procedures-U-Logs4 PDF
Mati Chala
No ratings yet
PCI Compliance Guide
Document18 pages
PCI Compliance Guide
Husseni Muzkkir
No ratings yet
IT Audit Documents Checklist
Document11 pages
IT Audit Documents Checklist
Ravi Raman
No ratings yet
PCI Data Security Standardv1
Document59 pages
PCI Data Security Standardv1
biolinh
No ratings yet
What You Need To Know About The Payment Card Industry Data Security Standard (PCI DSS)
Document15 pages
What You Need To Know About The Payment Card Industry Data Security Standard (PCI DSS)
abbes benkirane
No ratings yet
Assignement # 1 Project Proposal
Document6 pages
Assignement # 1 Project Proposal
ephert
No ratings yet
PCI DSS Policies and Procedures
Document38 pages
PCI DSS Policies and Procedures
justforfun2009
No ratings yet
Highly Confidential Security System Uml
Document18 pages
Highly Confidential Security System Uml
Vijay Teja
No ratings yet
IT Security and Cyber Security Policy
Document27 pages
IT Security and Cyber Security Policy
PA2 kspl
100% (1)
Pci-Dss Controls: PCI Security Standards Council
Document4 pages
Pci-Dss Controls: PCI Security Standards Council
yawahab
No ratings yet
Network Security Monitoring Procedure
Document3 pages
Network Security Monitoring Procedure
Ghislain Murenzi
No ratings yet
PCI DSS ComplianceWithout The Headache
Document10 pages
PCI DSS ComplianceWithout The Headache
Ahmed A
100% (1)
It Security Procedures and Guidelines: Adrija Sen
Document33 pages
It Security Procedures and Guidelines: Adrija Sen
Saket Agarwal
No ratings yet
Data Security Policy Data Security Policy
Document9 pages
Data Security Policy Data Security Policy
Abbas Ahmad
No ratings yet
List of Familiarization With The Information Security Requirements
Document3 pages
List of Familiarization With The Information Security Requirements
Ahmed Ali Alsubaih
No ratings yet
IT Security Policy
Document13 pages
IT Security Policy
Mohammad Farooq
100% (1)
Practical-2 Aim: Develop The Software Requirements Specifications (SRS) Document For A Specific System
Document4 pages
Practical-2 Aim: Develop The Software Requirements Specifications (SRS) Document For A Specific System
sec
No ratings yet
PCIDSS Compliance Requirement Checklist 2020
Document6 pages
PCIDSS Compliance Requirement Checklist 2020
Shekhar
No ratings yet
Cse Instructor Materials Chapter7
Document26 pages
Cse Instructor Materials Chapter7
api-224615605
No ratings yet
Vbs Sop Its-002 Dv01 04 May 11 Ms
Document14 pages
Vbs Sop Its-002 Dv01 04 May 11 Ms
vimalrajan1985
No ratings yet
3rd Party Outsourcing Information Security Assessment Questionnaire V1.0
Document15 pages
3rd Party Outsourcing Information Security Assessment Questionnaire V1.0
santanujoshi
No ratings yet
Secure Electronic Transaction
Document8 pages
Secure Electronic Transaction
hiral.patel
No ratings yet
Practical: 3: Aim: Determine and Analyze The Functional Non-Functional Requirements For A Given Project
Document12 pages
Practical: 3: Aim: Determine and Analyze The Functional Non-Functional Requirements For A Given Project
Keval Patel
No ratings yet
Achieving PCI DSS Compliance With Thales Data Protection White Paper
Document21 pages
Achieving PCI DSS Compliance With Thales Data Protection White Paper
Minh Quang Intercom Vietnam
No ratings yet
Document 4
Document47 pages
Document 4
Khushi Dwivedi
No ratings yet
SaaS Platform Security 2020
Document12 pages
SaaS Platform Security 2020
GERMAN
No ratings yet
Network security threats and controls
Document6 pages
Network security threats and controls
Kaleeswari
No ratings yet
Security Infrastructure Design Document
Document7 pages
Security Infrastructure Design Document
mostafa
100% (1)
PCI Security Training Essentials
Document18 pages
PCI Security Training Essentials
Tshepo Moletsane
No ratings yet
Chapter - 4 - Iot - Recording - 2
Document16 pages
Chapter - 4 - Iot - Recording - 2
Ravi Biradar
No ratings yet
Highly Confidential Security System
Document6 pages
Highly Confidential Security System
Venkat Chowdary
No ratings yet
Password Based Remote Controlled Door Opening Using Android Application
Document5 pages
Password Based Remote Controlled Door Opening Using Android Application
Makrand Ghag
No ratings yet
UCL-75-1030 - Issue No.2 - Information Security Policy (Extended)
Document12 pages
UCL-75-1030 - Issue No.2 - Information Security Policy (Extended)
Azza Shoukr
No ratings yet
WWW Controlcase Com What Are The 12 Requirements of Pci Dss
Document10 pages
WWW Controlcase Com What Are The 12 Requirements of Pci Dss
Allison Alcindor
No ratings yet
Cybersecurity FCC's Cybersecurity Tips For Small Businesses Criterion 4.1
Document1 page
Cybersecurity FCC's Cybersecurity Tips For Small Businesses Criterion 4.1
Juan Juárez
No ratings yet
Software Requirements Specification (SRS) Online Passport Registration
Document17 pages
Software Requirements Specification (SRS) Online Passport Registration
Maliha
0% (1)
Computer
Document10 pages
Computer
khenoenrile
No ratings yet
PDPA Standards
Document9 pages
PDPA Standards
Jie Han
No ratings yet
SSL VPN : Understanding, evaluating and planning secure, web-based remote access
From Everand
SSL VPN : Understanding, evaluating and planning secure, web-based remote access
Tim Speed
No ratings yet
Software Requirements Specification: 1.1 Purpose of The System
Document5 pages
Software Requirements Specification: 1.1 Purpose of The System
Daisy Wangui
No ratings yet
RAR Information Security Standards Version 2 - Final (ISMS)
Document47 pages
RAR Information Security Standards Version 2 - Final (ISMS)
jose silva
No ratings yet
Projet Network Security
Document25 pages
Projet Network Security
Soufyane Ayanouz
No ratings yet
CISA Class Notes 15 and 16 October 2022
Document7 pages
CISA Class Notes 15 and 16 October 2022
Chitij Chauhan
No ratings yet
Police Staff College Bangladesh
Document6 pages
Police Staff College Bangladesh
Farhan Shawkat
No ratings yet
Cybernetic Protectors: Existing System
Document3 pages
Cybernetic Protectors: Existing System
The Futura Labs
No ratings yet
Unit 4 IoT (1) Highlighted PDF
Document16 pages
Unit 4 IoT (1) Highlighted PDF
kattaanithasri1224
No ratings yet
Assignment 4 (CY) With Solution
Document8 pages
Assignment 4 (CY) With Solution
Muhammad Umar
No ratings yet
Implement Zero Inventory Warehouse Management with Cloud
Document53 pages
Implement Zero Inventory Warehouse Management with Cloud
Harikrishnan Shunmugam
No ratings yet
Vbs Sop Its-001 Dv01 04 May 11 Ms
Document7 pages
Vbs Sop Its-001 Dv01 04 May 11 Ms
vimalrajan1985
No ratings yet
Prevent Unauthorized Access
Document33 pages
Prevent Unauthorized Access
Chandrashekhar Katagi
No ratings yet
3rd Party Outsourcing Information Security Assessment Questionnaire V1.4
Document10 pages
3rd Party Outsourcing Information Security Assessment Questionnaire V1.4
Rupang Shah
No ratings yet
DFT20083 - 2.1 Describe Security Policy
Document26 pages
DFT20083 - 2.1 Describe Security Policy
amin124010
No ratings yet
Security Training
Document14 pages
Security Training
mmeridius
No ratings yet
Wsk2019 Tpfs06 en
Document12 pages
Wsk2019 Tpfs06 en
eli801101
No ratings yet
IMDS Data Privacy
Document7 pages
IMDS Data Privacy
Efrain Perez
No ratings yet
System Requirment Specifications For Electronic Banking: Further Drawbacks of The Existing System
Document16 pages
System Requirment Specifications For Electronic Banking: Further Drawbacks of The Existing System
Movie Lovers
No ratings yet
3.1. Assumptions and Dependencies
Document8 pages
3.1. Assumptions and Dependencies
Arav h
No ratings yet
Unit-Ii 5-Marks Question: Thin
Document16 pages
Unit-Ii 5-Marks Question: Thin
Muttu Ingaleshwar
No ratings yet
Krepak Ivan CS1902 - Preventing Trackers
Document6 pages
Krepak Ivan CS1902 - Preventing Trackers
AAAAAAA
No ratings yet
Assignment 1
Document1 page
Assignment 1
AAAAAAA
No ratings yet
Practical Task # 3
Document6 pages
Practical Task # 3
AAAAAAA
No ratings yet
Krepak Ivan CS1902 - Practical Task 5 - 1
Document3 pages
Krepak Ivan CS1902 - Practical Task 5 - 1
AAAAAAA
No ratings yet
Dell Unity - Additional Procedures-SVC Commands
Document10 pages
Dell Unity - Additional Procedures-SVC Commands
Arman Shaikh
No ratings yet
Analysis of Innovative Aircraft Ground Handling Configurations
Document176 pages
Analysis of Innovative Aircraft Ground Handling Configurations
Dennis Padec Bwochengo
100% (1)
Data Communications Networks Network Types Protocol Layering
Document48 pages
Data Communications Networks Network Types Protocol Layering
iot
No ratings yet
User Guide: TUF Gaming Monitor VG1A Series
Document35 pages
User Guide: TUF Gaming Monitor VG1A Series
Mudiwa Olufunmilola
No ratings yet
Using A Conformity Matrix To Align Processes To ISO 9001 - 2015
Document4 pages
Using A Conformity Matrix To Align Processes To ISO 9001 - 2015
esivaks2000
No ratings yet
M 2 Portable
Document2 pages
M 2 Portable
petervajda123
No ratings yet
Stretchable Wearable MRI Device
Document2 pages
Stretchable Wearable MRI Device
Folk Narongrit
No ratings yet
(Google Ads) Optimization - Creative - Creative For Display - Best Practise
Document42 pages
(Google Ads) Optimization - Creative - Creative For Display - Best Practise
Mohammad Sajjad
No ratings yet
Printable Resume For Mechanical Engineer
Document5 pages
Printable Resume For Mechanical Engineer
Sachin Pinto
No ratings yet
Guideline-For-Regular (Summer) Exam 2021 B. Pharmacy
Document1 page
Guideline-For-Regular (Summer) Exam 2021 B. Pharmacy
BHRUJ PATEL
No ratings yet
Low Power Low Dropout Middle Current Voltage Regulators: General Description Features
Document10 pages
Low Power Low Dropout Middle Current Voltage Regulators: General Description Features
171 171
No ratings yet
Mlacp Server Support
Document26 pages
Mlacp Server Support
toicantien
No ratings yet
Consecutive Calculations!: Consecutive Numbers Follow One After Another, E.G. 5, 6, 7
Document12 pages
Consecutive Calculations!: Consecutive Numbers Follow One After Another, E.G. 5, 6, 7
Nikki Mayor-Ong
No ratings yet
Dummy Image Generator
Document6 pages
Dummy Image Generator
ANKIT
No ratings yet
962 TRAMONTINA (2)
Document2 pages
962 TRAMONTINA (2)
pramod.yadav
No ratings yet
Introto Optimization
Document255 pages
Introto Optimization
Syed Qudratullah
No ratings yet
Eh600 A Series 2
Document92 pages
Eh600 A Series 2
Nguyễn Đình Bảo Khang
No ratings yet
GRE Math Practice Test 17
Document22 pages
GRE Math Practice Test 17
Malik Shahzad
100% (2)
Optimization of UPFC Location and Capacity To Improve The Stability Using ABC and GSA Algorithm
Document7 pages
Optimization of UPFC Location and Capacity To Improve The Stability Using ABC and GSA Algorithm
Xahid Yousaf
No ratings yet
Build Successful Editorial Plan: Managing Editor Skills
Document5 pages
Build Successful Editorial Plan: Managing Editor Skills
Vigniswara Vicky
No ratings yet
Diophantine Equations - PRMO
Document6 pages
Diophantine Equations - PRMO
apocalyptic
No ratings yet
SAP CS - Config - DIP
Document30 pages
SAP CS - Config - DIP
Padma Raju
No ratings yet
Shruti Assignment 2
Document25 pages
Shruti Assignment 2
Shruti Suryawanshi
No ratings yet
Scholars Information Update (Pagurigan)
Document1 page
Scholars Information Update (Pagurigan)
Loki Pagcor
No ratings yet
Before Ulte - Vilmut - BKS
Document171 pages
Before Ulte - Vilmut - BKS
Wahyoe Arya
No ratings yet
Student Survey Insights Blended Course
Document4 pages
Student Survey Insights Blended Course
Tan Chee Sheng
No ratings yet
Vacancies: Mauritius Institute of Training and Development Head Office
Document11 pages
Vacancies: Mauritius Institute of Training and Development Head Office
Maurice
No ratings yet
Introduction to PIC18 Microcontroller Architecture and Instructions
Document44 pages
Introduction to PIC18 Microcontroller Architecture and Instructions
Andy Wo
No ratings yet
Tugas Citra 4
Document23 pages
Tugas Citra 4
Anonymous
No ratings yet
Web ADI Personalization
Document7 pages
Web ADI Personalization
smohammedsaad
No ratings yet