Unit 2 Assignment 2
1- The touch point between objectives and requirements is to build and maintain a secure network for customers, protect all cardholder data, maintain a vulnerability management program, and implement strong access control measures.
2- The best practices I deem appropriate for these requirements are to install and maintain a firewall and to avoid the use of defaults and default passwords. Protection of stored data is also of the highest importance, along with encrypted transmissions. Use and update antivirus software regularly, and develop and maintain secure systems at all times. Restrict access to data by using unique logons for each user, without sharing any information pertaining to those logons. Track and monitor all access and all systems that hold data, and regularly test security systems, modifying and fixing them as needed. Hold and maintain a strict security policy.
3- My reasoning for these practices is not only to follow and use the principles and requirements from the PCI DSS organization; their guidelines and standards are also very meticulously thought out and are always updated and changed in response to ever-changing real-world situations. I believe that with standards set and followed we can securely accept credit card payments.
4- IT management: I have done much research into PCI DSS, and I have concluded that by following certain goals and objectives we can receive credit card payments from our customers with great confidence and security. Our main goals are as follows: maintain a secure network that is compliant, protect all cardholder data, maintain a vulnerability management program, implement strong access control measures, monitor and test networks regularly, and maintain a stringent security policy. By following these goals in detail with each procedure, we will have a high security protocol to protect financial data.