Assess computer networks for regulatory compliance.
Part 1: Major Events Documentation
Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your assignment.
Part 2: PCI Compliance
This part of the assignment will cover PCI. Please refer to Figure B1 in your responses.
Respond to and address the following in essay style:
Suppose HGAs mainframe, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant?
HGAs mainframe has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission.
Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data.
The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data is in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you segment the network to reduce the scope of compliance?