4.1.3.2 Security Compliance and Regulation
Panthera, being a large merchant, is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS). Panthera's acquiring bank, AmericoBanc, has instructed Panthera to get compliant and certified on the Payment Card Industry standards. Panthera's current application does not support PCI compliance. For instance, the application does not support encryption for stored credit card information, strong passwords, and logging requirements, which are a part of the PCI-DSS. Panthera must adhere to the PCI standards or it risks heavy fines levied by the acquiring bank and the payment brands like Visa and MasterCard. The application does not provide several features and functionality like secure data storage, password management capabilities, input validation, and several other security requirements, which are necessary for PCI compliance. The vendor will be able to add a few of the required features to the application, but most of the security requirements will not be supported in the current e-commerce application. PCI is one of the most important compliance requirements for merchants; therefore, Panthera is quite concerned about the state of its PCI compliance effort with the current e-commerce application.
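The gaps named above (no protection for stored card data, no password management, no input validation, no log controls) each map to a concrete control. The script below is an added example written for this page; it is not code from the book or from Panthera's application. It uses only the Python standard library, so the at-rest step keeps a masked PAN plus a keyed one-way lookup token rather than reversible encryption (reversible storage would need authenticated encryption under a managed key, which is outside this example). The key is generated in-process purely for the demo, and the password policy values and PBKDF2 round count are hypothetical parameters, not figures from the page.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical key: generated here for the demo. In a real deployment it comes
# from a key-management system and is never embedded in source or config files.
PAN_INDEX_KEY = secrets.token_bytes(32)

# --- Input validation: reject anything that is not a checksum-valid card number ---

def luhn_valid(pan: str) -> bool:
    """Luhn checksum over a digit-only string; also enforces PAN length 13-19."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def normalize_pan(raw: str) -> str:
    """Strip spaces/dashes and fail closed on an invalid PAN."""
    pan = re.sub(r"[ -]", "", raw)
    if not luhn_valid(pan):
        raise ValueError("not a valid card number")
    return pan

# --- Secure storage: the full PAN never lands in application tables ---

def mask_pan(pan: str) -> str:
    """Display form: only the last four digits remain visible (PCI-DSS masking)."""
    return "*" * (len(pan) - 4) + pan[-4:]

def pan_lookup_token(pan: str) -> str:
    """Keyed one-way token (HMAC-SHA256) for matching repeat cards without
    storing the PAN. It is not reversible by design."""
    return hmac.new(PAN_INDEX_KEY, pan.encode(), hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class StoredCard:
    masked_pan: str
    lookup_token: str

def store_card(raw_pan: str) -> StoredCard:
    pan = normalize_pan(raw_pan)
    return StoredCard(masked_pan=mask_pan(pan), lookup_token=pan_lookup_token(pan))

# --- Logging: scrub card numbers before a line reaches the log sink ---

PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def redact_log_line(line: str) -> str:
    """Replace any Luhn-valid 13-19 digit run with its masked form;
    digit runs that fail the checksum (order ids, amounts) are left alone."""
    def _mask(m: "re.Match") -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_mask, line)

# --- Password management: policy check plus salted, iterated hashing ---

MIN_PASSWORD_LEN = 12      # hypothetical policy value for this example
PBKDF2_ROUNDS = 100_000    # hypothetical; tune to the deployment's hardware

def password_meets_policy(pw: str) -> bool:
    """Minimum length plus at least one lower, upper, digit and symbol character."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")
    return len(pw) >= MIN_PASSWORD_LEN and all(re.search(c, pw) for c in classes)

def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); the plaintext password is never stored."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)

def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

if __name__ == "__main__":
    # Constructed sample values; 4111... is a well-known test number, not a real card.
    card = store_card("4111 1111 1111 1111")
    print(card.masked_pan)
    print(redact_log_line("order 42 card 4111 1111 1111 1111 approved"))
    salt, digest = hash_password("Correct-Horse-9")
    print(verify_password("Correct-Horse-9", salt, digest))
```

The log redaction runs the Luhn check on each candidate so that ordinary 13-digit identifiers are not mangled, and the password path separates the policy decision from the storage format so either can be tightened without touching the other.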
4.1.4 Panthera's Plan for Information Security
Panthera's management has decided to ensure that the information security practices across the organization are of a world-class quality. They have appointed a new chief information security officer, Shaun Woolworth, who will be responsible for instilling the culture of information security in the organization in general.
Security is not a one-off event or a one-time activity. It is a continuous activity that requires a dedicated and disciplined effort to ensure that the myriad security risks, which are part of every operating environment, are treated appropriately and on merit. Risk management plays a critical role in the effective implementation of security, because it helps the organization understand what the critical information assets are and what kind of threats may attack those critical assets, which results in the implementation of appropriate security controls on the merit of the risk. Accordingly, Mr. Woolworth has outlined a plan that has taken the entire organization into consideration. Panthera's operations are spread across the West Coast, and security is an important requirement at every one of their locations, as they come in contact with sensitive data across all these locations. Some of the broad plans outlined by Mr. Woolworth are as follows:
Physical security
Network security
Application security
Host security
4.1.4.1 Physical Security
Physical security is an important consideration, even for a merchant outlet like Panthera. Each
Panthera store has an active processing environment as their point-of-sale (POS) solution has been
deployed store-wide, which is then synchronized to Panthera's central server in their headquarters.
Physical access control systems for employees need to be deployed to ensure that only authorized
employees are allowed to access sensitive areas like the processing environments in these stores.
As Panthera heavily relies on wireless networks in the stores, wireless access points need to be protected against physical abuse and malpractice. Other physical security controls include cameras