Regulation: Payment Card Industry Data Security Standard (PCI DSS) Flashcards

1
Q

If a company suffers a breach of customer credit card records, under the terms of PCI DSS, what organization may choose to pursue an investigation of this matter?

A
  • bank
  • PCI is enforced through contractual relationships between merchants and their banks
  • law enforcement can be used for criminal investigations
2
Q

How often does PCI DSS require application vulnerability scans?

A

at least annually and after any change in the application

3
Q

What technology may be put in place that eliminates the PCI DSS requirement for recurring web vulnerability scans?

A

PCI DSS allows organizations to choose between performing annual web vulnerability assessment tests or installing a web application firewall

4
Q

What are the 6 major objectives of PCI DSS?

A
  1. a secure network must be maintained in which transactions can be conducted
  2. cardholder information must be protected wherever it is stored
  3. systems should be protected against the activities of malicious hackers
  4. cardholder data should be protected physically as well as electronically
  5. networks must be constantly monitored and regularly tested
  6. a formal information security policy must be defined, maintained and followed