pls do not plagiarize this case is from lecture Whereas Case Study One concentrated on developing the essence of a security program for Maxistar, Case Study Two will have you focus on a compliance plan. You will convert some compliance regulations from the Payment Card Data Security Standard into controls of the format that we saw in NIST 800-53a. You can begin by reading these case study notes. Maxistar, having both online and bricks and mortar stores, receives payments for its products using credit cards from the four major card brands. These payments are received by Maxistar, but passed onto a third party processor for payments. Under the rules of the Payment Card Industry Data Security Standard (PCI DSS), Maxistar is subject to that standard for compliance. On the Payment Card Industry (PCI) website (www.pcisecuritystandards.org), locate the PCI DSS standard. Once you read through the entire standard, you will notice that there are twelve multi-part requirements that need to be meet in order to meet the standard. For the purposes of the case study, I want you to assume that all of the standard’s requirements are in scope for an assessment of their compliance. Using what we learned about setting up the effectiveness testing of controls in NIST 800-53a, pick out eight (8) different controls (such as 6.2) that need to be met and build a compliance assessment procedure for each of those controls (see example below). Everyone must do 3.2.1 in the PCI DSS standard. Submit these to the appropriate submission folder by 11:59 PM of the date indicated in the syllabus. ASSESSMENT PROCEDURE CP-2.1 ASSESSMENT OBJECTIVE: Determine if: (i) the organization develops a contingency plan for the information system that: -identifies essential missions and business functions and associated contingency requirements; -provides recovery objectives, restoration priorities, and metrics; -addresses contingency roles, responsibilities, assigned individuals with contact information; -addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; and -addresses eventual, full information system restoration without deterioration of the security measures originally planned and implemented; and -is reviewed and approved by designated officials within the organization; (ii) the organization defines key contingency personnel (identified by name and/or by role) and organizational elements designated to receive copies of the contingency plan; and (iii) the organization distributes copies of the contingency plan to organization-defined key contingency personnel and organizational elements. POTENTIAL ASSESSMENT METHODS AND OBJECTS: Examine: [SELECT FROM: Contingency planning policy; procedures addressing contingency operations for the information system; contingency plan; security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with contingency planning and plan implementation responsibilities].
The post essence of a security program for Maxistar appeared first on My Assignment Online.