Learning Goal: I’m working on a cyber security multi-part question and need support to help me learn.

Part 1: Research Risk Assessment Standards

Note: In this part of the lab, you will review the access control requirements created by two different regulatory standards. The Payment Card Industry Data Security Standard (PCI DSS) is a self-regulatory standard imposed upon all businesses involved in the processing of credit card transactions. It contains over 10 pages of detailed requirements for access control systems. The HIPAA Security Rule is a higher-level standard that provides implementation guidance for securing systems that process electronic protected health information.

At least 270-300 words, or as much as needed to fully answer the questions.

In your browser, navigate to https://www.pcisecuritystandards.org/ and retrieve a copy of the current version of the Payment Card Industry Data Security Standard (PCI DSS) from the website’s document library. PCI DSS is a regulatory framework for organizations involved in the storage, processing, and transmission of credit card information. The standard is quite lengthy and covers many aspects of cybersecurity. The 12 major requirements in this standard are often described as the “Digital Dozen” of credit card security.

Review the “Implement Strong Access Control Measures” section of the PCI DSS document. This section includes three requirements, each of which has several pages of detail:
Requirement 7: Restrict access to cardholder data by business need to know.
Requirement 8: Identify and authenticate access to system components.
Requirement 9: Restrict physical access to cardholder data.
In your browser, navigate to https://www.hhs.gov/sites/default/files/ocr/privac… and review Section 164.312 of the HIPAA Security Rule on pages 66-67. This section provides the technical safeguards required for operating a HIPAA-compliant system, including the standards for access control.

Question 1: Compare the requirements for access control systems in the PCI DSS to those in the HIPAA Security Rule. Describe the level of detail found in each standard and how each standard might be easier and more challenging to meet compared with the other.

Part 2: Conduct a Risk Assessment

Note: In this part of the lab, you will review an access control system against the PCI DSS risk assessment framework. Your task is to identify any gaps that might exist between the existing system and the requirements in the standard.

You are the security administrator for Ricky’s Fried Chicken, a franchised fried chicken restaurant. The restaurant accepts credit cards and, as such, is subject to the provisions of PCI DSS. You are conducting a risk assessment of the point-of-sale (POS) system used by the chain against the access control provisions of PCI DSS. The POS uses the architecture shown below:

[Figure: POS Architecture]

The links between the data center and the stores are all over strongly encrypted VPN connections. Currently, each cashier has the ability to log on to the POS system at any store. Managers have the ability to log on to the POS systems, as well as the back-end servers. Cashiers use generic “cashier1,” “cashier2,” and “cashier3” accounts, while managers each have personal accounts.

All users log on using a strong password. The organization has the following password requirements:

Passwords must be at least eight characters long and must be changed every 180 days.
Users are locked out for one hour after 10 unsuccessful login attempts.
Users are logged out after 10 minutes of inactivity.
The organization has written cardholder security policies, and managers and IT staff review them on an annual basis, signing logs to document their review. IT staff conduct a semiannual review to remove the accounts of any managers who have left the organization.

Question 3: Conduct a risk analysis of this environment using the version of PCI DSS that you downloaded in Part 1 of this lab. Document at least five control gaps that exist in the environment. You may make assumptions about information not provided in this scenario, if necessary.

Question 4: Identify controls that will mitigate each of the five deficiencies you identified in the previous step. Create a prioritized list of these actions.

Attachment: part_2___conduct_a_risk_assessment_image.png
Requirements: 270-300 or as much as needed