Question
Chapter 2: Legislation Relevant to IT
You were engaged as a consultant by a client that just started doing business. Some of the services your client provides include storing, processing, and/or transmitting credit card data. Your client is unaware of any laws or regulations related to the aforementioned services. You know right from the start that your client must comply with PCI DSS standards. Using a memo format, prepare communication to your client including the following:
a. Summarize what the PCI DSS standards are and why they are relevant to your client. You are highly encouraged to look for outside sources.
b. Using the six goals and requirements (bullet points) of PCI DSS listed in the chapter as objectives, develop a plan to meet three of those objectives. Your plan must include the specific objective along with a brief explanation of the activity or procedure that you will advise your client to implement in order to comply with the specific objective. For example, for one of the goals or objectives, "Protecting stored cardholder data," you should explain how specifically the cardholder data will be protected and what encryption techniques should be put in place (you may want to elaborate here, since your client has told you that she is not very familiar with technology). Ultimately, your communication should bring comfort to your client and ensure that all transmissions of cardholder data are indeed safeguarded.