
Question

possible. The Council lays down several security standards that organizations in different industry segments must implement: for instance, PCI PTS covers manufacturers of PIN-based devices, and PCI PA-DSS governs software developers writing code that manages cardholder data. PCI DSS is the most wide-ranging of the Council's standards. It applies to "any entity that stores, processes, and/or transmits cardholder data," which means that any organization that accepts credit card payments - which is to say, virtually any organization that sells anything or accepts donations - must adhere to the standard. (Fruhlinger, J. (2020, July 17). PCI DSS explained: Requirements, fines, and steps to compliance. CSO Online. plance.html)

Project Submission Steps

Read the scenario below and perform the required task.

Scenario

You are the cybersecurity analyst for a retailer that is considered a Tier 1 merchant (the highest) under PCI DSS. Your company wants to migrate to the cloud, specifically Amazon Web Services (AWS). However, they aren't sure how to maintain their PCI compliance once they do that. They know that AWS operates on a Shared Responsibility Model, but they are fuzzy on the details. The link explaining this model is below.

AWS: Shared Responsibility Model

There are twelve requirements within the standard, with each requirement having multiple sub-requirements, so this project is daunting. Given the work involved, they have hired an outside consultant to perform this effort, and he has gone through the first six requirements. However, he has fallen ill, so your boss has asked you to go ahead and research the seventh and eighth requirements. Requirement 7 is "Restrict access to cardholder data to business need to know" and Requirement 8 is "Assign a unique ID to each person with computer access."

Your task is to locate the PCI DSS 3.2.1 on AWS Compliance Guide on the AWS web site, go down to Requirements 7 and 8, and look at each sub-point to determine who is responsible for what. Document what AWS is responsible for, what your company is responsible for, and what options exist within AWS (like the AWS Marketplace) to help your company be compliant.
