Part 2A: Major Events Documentation
Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals visible around the store. You produce a credit card and the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and inspects the contents of the store bag. Document each of the major events just described and then describe the events in terms of the PCI compliance standard. Include this report in your assignment.
Part 2B: PCI Compliance
This part will cover PCI. Please refer to Figure B-1A in your responses.
Respond to and address the following:
- Suppose HGA’s data server, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant?
- HGA’s data server has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission.
- Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data.
- The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data are in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you partition the network to reduce the scope of compliance?
Submit the usual double-spaced APA-styled report. At least four pages of material are expected beyond the title page, table of contents, abstract, and references page.