PCI Compliance Issues in Networking

Submitted By Ambrose44
Words 1454
Pages 6
PCI Compliance Issues in Networking

Various answers to networking issues in compliance

Professor Dr. Kenneth Flick

Sherri A Lohse

October 19, 2013

Abstract

The PCI 9 specifications deal with issues in computer networking and handle real situations that have coded, specific networking solutions, in order to address networking issues that relate to the PCI specifications for employing firewalls, internet protocols, acceptable bandwidths, capacity and scalability levels, and levels of security.

Part One

Retail Shopping and Purchase of Goods with Credit/Debit Monetary Instruments

Event One

You visit a retailer you know and enjoy. You shop around with a mind to purchase several clothes or other merchandise, and after shopping most of the day you decide to check out at a POS (point of sale) register.

The PCI compliance and standards, which are also the HIPAA standards and compliance as well as other market-compliant POS compliance rules and regulations, have a certain order of logic, organizational strength, and apparent administrative rules and rights governing the business functions within the daily tasks of a retail shop or POS terminal.

PCI compliance and standards will show and regulate the POS (point of sale) terminal with appropriate tags and prices, while the POS machine at the register will determine what is available, what is left, how many items are purchased, which clothes or merchandise are marketable, and which goods or products remain in season or remain within the retail shop where consumers like to spend their money on products or merchandise to take home.

PCI 9 compliant specifications include the placement of tags on garments so material isn’t ruined or placement of tags on
