lab #3 case study on pci dss noncompliance: cardsystems solutions

Lab #3 – Assessment Worksheet

Case Study on PCI DSS Noncompliance: CardSystems Solutions

Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________

Instructor Name: ______________________________________________________________

Lab Due Date: ________________________________________________________________

Overview

In this lab, you reviewed a real-world case study that involved a PCI DSS noncompliance

scenario, and you recommended mitigation remedies to prevent the loss of private data for

similar organizations.

Lab Assessment Questions & Answers

1. Did CardSystems Solutions break any federal or state laws?

2. In June 2004, an external auditor certified CardSystems Solutions as Payment Card Industry Data

Security Standard-(PCI DSS-) compliant. What is your assessment of the auditor’s findings?

3. Can CardSystems Solutions sue the auditor for not performing his or her tasks and deliverables

with accuracy? Do you recommend that CardSystems Solutions pursue this avenue?

4. Who do you think is negligent in this case study and why?

5. Do the actions of CardSystems Solutions warrant an “unfair trade practice” designation as stated

by the Federal Trade Commission (FTC)?

26| LAB #3 Case Study on PCI DSS Noncompliance: CardSystems Solutions

6. What security policies do you recommend to help with monitoring, enforcing, and ensuring PCI

DSS compliance?

7. What security controls and security countermeasures do you recommend for CardSystems

Solutions to be in compliance with PCI DSS requirements?

8. What was the end result of the attack and security breach to CardSystems Solutions and its

valuation?

9. What are the possible consequences associated with the data loss?

10. Who do you think is ultimately responsible for CardSystems Solutions’ lack of PCI DSS

compliance?

11. What should CardSystems Solutions have done to mitigate possible SQL injections and data

breaches on its credit card transaction-processing engine?

12. True or false: Although CardSystems Solutions had proper security controls and security

countermeasures, it was not 100 percent PCI DSS-compliant because the company failed to

properly implement ongoing monitoring and testing on its development and production systems.

Continue to order Manage Your Orders

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.