Module 03 Network Security Controls -Administrative Controls Flashcards
PCI-DSS Requirement: “A formal process for approving and testing all network connections and changes to the firewall and router configurations.”
Provision for detecting all unauthorized network connections to/from an organization’s IT assets
PCI-DSS Requirement No 1.1.1
PCI-DSS Requirement: “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.”
Provision for detecting all unauthorized network connections to/from an organization’s IT assets
PCI-DSS Requirement No 1.2.1
PCI-DSS Requirement: “Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.”
Provision for looking for insecure protocols and services running on systems
PCI-DSS requirement no 1.1.6
PCI-DSS Requirement: “Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports”
Provision for checking how traffic is flowing across the DMZ to/from the internal network
PCI-DSS requirement no 1.3.1
PCI-DSS Requirement: “Limit inbound internet traffic to IP addresses within the DMZ.”
Provision for checking how traffic is flowing across the DMZ to/from the internal network
PCI-DSS requirement no 1.3.2
PCI-DSS Requirement: “Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).”
Provision for detecting malware infection when anti-virus protection is disabled on the machines.
PCI-DSS requirement no 5.1
PCI-DSS Requirement: “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.”
Provision for detecting malware infection when anti-virus protection is disabled on the machines.
PCI-DSS requirement no 5.3
Electronic Transaction and Code Set Standards:
Transactions are electronic exchanges involving the transfer of information between two parties for specific purposes.
Health Insurance Portability and Accountability Act (HIPAA)
Privacy Rule:
Establishes national standards to protect people’s medical records and other personal health information and applies to health plans, health care clearinghouses, and health care providers that conduct certain health care transactions electronically.
Health Insurance Portability and Accountability Act (HIPAA)
Security Rule:
Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.
Health Insurance Portability and Accountability Act (HIPAA)
Employer Identifier Standard:
Requires that each employer has a standard national number that identifies them on standard transactions.
Health Insurance Portability and Accountability Act (HIPAA)
National Provider Identifier Standard (NPI):
A unique identification number assigned to covered health care providers.
Health Insurance Portability and Accountability Act (HIPAA)
Enforcement Rule:
Contains provisions relating to compliance and investigation, as well as the imposition of civil monetary penalties for violations of the HIPAA Administrative Simplification Rules and procedures for hearings.
Health Insurance Portability and Accountability Act (HIPAA)
Enacted in 2002, it is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures.
Sarbanes-Oxley Act (SOX)