Expert answer:Paper on Payment Standards

  

Solved by verified expert:You are requested to write a paper on PCI DSS to discuss the following:- What is PCI DSS- Importance of PCI DSS, hence, charts and graphs of growth and transactions. – Security risk for non compliance- Challenges of PCI DSSIncluded some references to help in the subject, please feel free to add extra but related contest to the above.The project deliverable has to meet the template standard in the attached file called (Project Template) with total pages not to exceed 7 inclusive of reference. in addition to ppt presentation that summerizes the content with headlines, charts and graphs.
project_template.docx

ch9.pdf

Don't use plagiarized sources. Get Your Custom Essay on
Expert answer:Paper on Payment Standards
Just from $10/Page
Order Essay

cost_of_non_compliance_with_pci_dss.pdf

security_and_payment_card_industry_regulation.pdf

tackling_pci_challenges.pdf

Unformatted Attachment Preview

Type the title of your article, only capitalize first word and proper nouns
First-name Surname1*, Second-name Surname2 and Third-name Surname3
Affiliation 1, Email address, University, City, Country
Affiliation 1, Email address, University, City, Country
3
Affiliation 1, Email address, University, City, Country
1
2
*Corresponding Author
ABSTRACT
An Abstract is required for every article; it should succinctly summarize the reason for the work, the main findings, and the
conclusions of the study. The abstract should be no longer than 250 words. Do not include artwork, tables, elaborate equations or
references to other parts of the article or to the reference listing at the end. The reason is that the Abstract should be
understandable in itself to be suitable for storage in textual information retrieval systems.
Keywords: Keyword_1; Keyword_2; Keyword_3; Keyword_4; Keyword_5
1. Introduction
We believe a template should help you, not hinder you, in
authoring your article. It should follow you in how you want
to write your article, not force you to fill in bits and pieces of
text. It should allow you to type any text, copy from previous
versions, or load an already existing plain text to be
formatted. You will therefore find no fill-in screens; you will
not need to remember shortcut keys, to use lists of styles,
bother about alignment, indents, fonts and point sizes. Just a
mouse-click at one of the menu options will give you the style
that you want.
The objective of this template is to enable you in an easy
way to style your article attractively. It should be emphasized,
however, that the final appearance of your article in print and
in electronic media will very likely vary to greater or lesser
extent from the presentation achieved in this Word®
document.
2.1. Article Size
The Manuscript should be prepared in English language by
using MS Word. Article can be up to 7 pages inclusive
references and abstract.
Supply some 3–5 keywords, separated with semicolons,
e.g., Azomethine ylide; Claisen rearrangement; Diels-Alder
cycloaddition; Enantioselective catalysis; Ionic liquid;
Metathesis; Microwave-assisted synthesis.
3. The main text
You will usually want to divide your article into
(numbered) sections. Headings should reflect the relative
importance of the sections. Your article can go beyond 4th
order heading.
Ensure that all tables, figures and schemes are cited in the
text in numerical order. Trade names should have an initial
capital letter, and trademark protection should be
acknowledged in the standard fashion, using the superscripted
characters for trademarks and registered trademarks
respectively. All measurements and data should be given in SI
(System International) units where possible, or other
internationally accepted units. Abbreviations should be used
consistently throughout the text, and all nonstandard
abbreviations should be defined on first usage. The
experimental information should be as concise as possible,
while containing all the information necessary to guarantee
reproducibility.
2. The first page
Naturally, your article should start with a concise and
informative title. Do not use abbreviations in title. Next, list
all authors with their first names or initials and surnames (in
that order). Indicate the author for correspondence. After
having listed all authors’ names, you should list their
respective affiliations. Link authors and affiliations using
superscript lower-case letters from the ‘Author Footnote
Symbols’ menu in the toolbar.
1
Figure 1. (a) Fairness index, (b) Average Fairness Index
Table 1. Table, version 1
Parameter
Slot time
ACK size
RTS size
CTS size
Data packet size
DIFS interval
SIFS interval
CWmin
CWmax
Bandwidth
Transport protocol
Value
20 μs
20 bytes
25 bytes
20 bytes
1000 bytes
40 μs
10 μs
31
1023
2 Mbps
UDP
Parameter
Slot time
ACK size
RTS size
CTS size
Data packet size
DIFS interval
SIFS interval
CWmin
CWmax
Bandwidth
Transport protocol
Value
20 μs
20 bytes
25 bytes
20 bytes
1000 bytes
40 μs
10 μs
31
1023
2 Mbps
UDP
3.1. Tables, figures and schemes
All citations of figure and tables in text must be in
numerical order. Citations to figures in text always carry the
word “Figure.”, “Table.” followed by the figure/table number.
You can choose to display figure/table through one column
(see Table 1, Figure 1) or across the page (see Table 2, Figure
2). Remember that we will always also need high-resolution
versions of your figures for printing in (i.e. TIFF) format.
Table 2. Table, version 2
Parameter
Slot time
ACK size
RTS size
CTS size
Data packet size
DIFS interval
Bandwidth
Transport protocol
Figure 2. Overload on GV and IV vehicles
Value
20 μs
20 bytes
25 bytes
20 bytes
1000 bytes
40 μs
2 Mbps
UDP
3.2. Lists
For tabular summations that do not deserve to be presented
as a table, lists are often used. Lists may be either numbered
or bulleted. Below you see examples of both.
1. The first entry in the list
2. The second entry
3. A subentry
4. The last entry


2
A bulleted list item
Another one
[4]
You can use the Bullets and Numbering options in the
‘Formatting’ toolbar of Word® to create lists. Note that you
should first block the whole list. A sublisting is coded using
the ‘Increase Indent’ (go to a sublevel of numbering) and
‘Decrease Indent’ (go to a higher level of numbering) buttons.
Basic format for journals:
[5] J. K. Author, “Name of article,” Abbrev. Title of Periodical, vol. x, no.
x, pp. xxx-xxx, Abbrev. Month, year.
Examples:
[6] J. U. Duncombe, “Infrared navigation—Part I: An assessment
of feasibility,” IEEE Trans. Electron Devices, vol. ED-11, no. 1, pp.
34–39, Jan. 1959.
[7] E. P. Wigner, “Theory of traveling-wave optical laser,” Phys. Rev.,
vol. 134, pp. A635–A646, Dec. 1965.
[8] E. H. Miller, “A note on reflector arrays,” IEEE Trans. Antennas
Propagat., to be published.
3.3. Equations
Equations within an article are numbered consecutively
from the beginning of the article to the end. All variables are
italic. (e.g., x, y, n). Function names and abbreviations are
Roman (sin, cos, sinc, sinh), as are units or unit abbreviations
(e.g., deg, Hz,) complete words (e.g., in, out), and
abbreviations of words (e.g., max, min), or acronyms (e.g.,
SNR).
You can type your equations and use the symbols in the
Word® equation editor or in MathType™. Using the ‘Insert
Equation’ option, you can create equations in the Word®
equation editor, or if the MathType™ equation editor is
installed on your computer.
    (empir,1.388Å) (theor,1.388Å) 
  (theor) cos 
W.-K. Chen, Linear Networks and Systems. Belmont, CA:
Wadsworth, 1993, pp. 123–135.
Basic format for reports:
[9] J. K. Author, “Title of report,” Abbrev. Name of Co., City of Co.,
Abbrev. State, Rep. xxx, year.
Examples:
[10] E. E. Reber, R. L. Michell, and C. J. Carter, “Oxygen absorption in the
earth’s atmosphere,” Aerospace Corp., Los Angeles, CA, Tech. Rep.
TR-0200 (4230-46)-3, Nov. 1988.
[11] J. H. Davis and J. R. Cogdell, “Calibration program for the 16-foot
antenna,” Elect. Eng. Res. Lab., Univ. Texas, Austin, Tech. Memo.
NGL-006-69-3, Nov. 15, 1987.
Basic format for handbooks:
[12] Name of Manual/Handbook, x ed., Abbrev. Name of Co., City of Co.,
Abbrev. State, year, pp. xxx-xxx.
Examples:
[13] Transmission Systems for Communications, 3rd ed., Western Electric
Co., Winston-Salem, NC, 1985, pp. 44–60.
[14] Motorola Semiconductor Data Manual, Motorola Semiconductor
Products Inc., Phoenix, AZ, 1989.
(1)
Acknowledgments
Acknowledgments should be inserted at the end of the article,
before the references. When citing names within the
Acknowledgment, do not use Mr., Mrs., Ms., or Miss. List
first initial and last name only. Use the Dr. or Prof. title with
each name separately; do not use plural Drs. or Profs. with
lists of names.
Basic format for books (when available online):
[15] Author. (year, month day). Title. (edition) [Type of medium].
volume (issue). Available: site/path/file
Example:
[16] J. Jones. (1991, May 10). Networks. (2nd ed.) [Online]. Available:
http://www.atm.com
References
Basic format for journals (when available online):
[17] Author. (year, month). Title. Journal. [Type of medium]. volume
(issue), pages. Available: site/path/file
Example:
[18] R. J. Vidmar. (1992, Aug.). On the use of atmospheric plasmas as
electromagnetic reflectors. IEEE Trans. Plasma Sci. [Online].
21(3),
pp.
876–880.
Available:
http://www.halcyon.com/pub/journals/21ps03-vidmar
The journal uses the IEEE Template for references
formatting. References in the text should be indicated by
Arabic numerals that run consecutively through the article and
appear inside punctuation.
Authors should ensure that all references are cited in the
text and vice versa. Authors are expected to check the original
source reference for accuracy. See examples shown in the
References section. In text, refer simply to the reference
number. Do not use “Ref.”, “reference” or “Reference [3]
shows ….” use as demonstrated in [3], according to [4] and [69]. Please do not use automatic endnotes in Word, rather, type
the reference list at the end of the article using the
“References” style. The authors encourage using the
“EndNote” software to format and insert the references into
the article (http://endnote.com/). IEEE EndNote template can
be
downloaded
from
(http://endnote.com/downloads/template/ieee). Below is the
references formatting:
Basic format for articles presented at conferences (when available online):
[19] Author. (year, month). Title. Presented at Conference title. [Type
of Medium]. Available: site/path/file
Example:
[20] PROCESS Corp., MA. Intranets: Internet technologies deployed
behind the firewall for corporate productivity. Presented at
INET96
Annual
Meeting.
[Online].
Available:
http://home.process.com/Intranets/wp2.htp
Basic format for reports and handbooks (when available online):
[21] Author. (year, month). Title. Comp an y . C ity, State or
Country. [Type of Medium].Available: site/path/file
Example:
[22] S . L . T a l l e e n . ( 1 9 9 6 , A p r . ) . T h e I n t r a n e t A r c h i te c tu r e : M a n a g i n g i n f o r m a t i o n i n t h e n e w paradigm.
Amdahl
Corp.,
CA.
[Online].
Available:
http://www.amdahl.com/doc/products/bsg/intra/infra/html
Basic format for computer programs and electronic documents (when
available online).
Example:
[23] A. Harriman. (1993, June). Compendium of genealogical
software.
Humanist.
[Online].
Available
e-mail:
HUMANIST@NYVM.ORG Message: get GENEALOGY REPORT
Basic format for books:
[1] J. K. Author, “Title of chapter in the book,” in Title of His Published
Book, xth ed. City of Publisher, Country if not
[2] USA: Abbrev. of Publisher, year, ch. x, sec. x, pp. xxx–xxx.
Examples:
[3] G. O. Young, “Synthetic structure of industrial plastics,” in Plastics,
2nd ed., vol. 3, J. Peters, Ed. New York: McGraw-Hill, 1964,
pp. 15–64.
Basic format for patents (when available online):
3
[24] Name of the invention, by inventor’s name. (year, month day). Patent
Number [Type of medium]. Available: site/path/file
Example:
[25] Musical toothbrush with adjustable neck and mirror, by L.M.R. Brooks.
(1992, May 19). Patent D 326 189
[Online]. Available: NEXIS Library: LEXPAT File: DESIGN
Basic format for conference proceedings (published):
[26] J. K. Author, “Title of article,” in Abbreviated Name of Conf., City of
Conf., Abbrev. State (if given), year, pp. xxxxxx.
Example:
[27] D. B. Payne and J. R. Stern, “Wavelength-switched pas- sively coupled
single-mode optical network,” in Proc. IOOC-ECOC, 1985,
pp. 585–590.
Example for articles presented at conferences (unpublished):
[28] D. Ebehard and E. Voges, “Digital single sideband detection for
interferometric sensors,” presented at the 2nd Int. Conf. Optical Fiber
Sensors, Stuttgart, Germany, Jan. 2-5, 1984.
Basic format for patents:
[29] J. K. Author, “Title of patent,” U.S. Patent x xxx xxx, Abbrev. Month,
day, year.
Example:
[30] G. Brandli and M. Dick, “Alternating current fed power supply,”
U.S. Patent 4 084 217, Nov. 4, 1978.
Basic format for theses (M.S.) and dissertations (Ph.D.):
[31] J. K. Author, “Title of thesis,” M.S. thesis, Abbrev. Dept., Abbrev.
Univ., City of Univ., Abbrev. State, year.
[32] J. K. Author, “Title of dissertation,” Ph.D. dissertation, Abbrev. Dept.,
Abbrev. Univ., City of Univ., Abbrev. State, year.
Examples:
[33] J. O. Williams, “Narrow-band analyzer,” Ph.D. dissertation, Dept. Elect.
Eng., Harvard Univ., Cambridge, MA, 1993.
[34] N. Kawasaki, “Parametric study of thermal and chemical
nonequilibrium nozzle flow,” M.S. thesis, Dept. Electron. Eng., Osaka
Univ., Osaka, Japan, 1993.
Basic format for the most common types of unpublished references:
[35] J. K. Author, private communication, Abbrev. Month, year.
[36] J. K. Author, “Title of article,” unpublished.
[37] J. K. Author, “Title of article,” to be published.
Examples:
[38] A. Harrison, private communication, May 1995.
[39] B. Smith, “An approach to graphs of linear forms,” unpublished.
[40] A. Brahms, “Representation error for real numbers in binary computer
arithmetic,” IEEE Computer Group Repository, Article R-67-85.
Basic format for standards:
[41] Title of Standard, Standard number, date.
Examples:
[42] IEEE Criteria for Class IE Electric Systems, IEEE Standard 308, 1969.
[43] Letter Symbols for Quantities, ANSI Standard Y10.5-1968.
4
PCI DATA SECURITY
Counting the cost of
non-compliance with PCI DSS
Robert Kidd, general manager EMEA, Tripwire
With penalties ranging from fines to the ultimate sanction of issuers removing the right to accept cards, organisations across every vertical market are now
aware of the business risk linked to non-compliance with the Payment Card
Industry Data Security Standard (PCI DSS). Add in the negative publicity associated with a breach in credit card security, and failure to address PCI requirements could become a business-threatening oversight.
Serious misconceptions still exist, however, about the processes required to
achieve compliance. Many organisations
are under the misapprehension that
compliance requires little more than
completing the PCI DSS self-assessment
questionnaire. This is far from the truth.
In reality this questionnaire – which has
to be completed quarterly – has been
designed to simplify reporting, not compliance.
Many organisations blithely believe
they have achieved compliance after
having followed the processes laid out
in the questionnaire. Yet the questionnaire makes no mention of, for example,
encryption key management, to which
ten sub-requirements are dedicated in
Section 3 of the PCI DSS. An organisation may well ignore these key management requirements if it is basing its
compliance activity on the questionnaire,
only to face an uncomfortable reality
if and when a compromise occurs, and
when an assessor turns up to conduct an
audit.
Newer versions of the questionnaire
have been released that follow the PCI
standard more closely. Nonetheless, this
questionnaire is a supporting document
of the standard and it does not, in any
way, drive compliance requirements.
Second time around
The arrival of the PCI assessor is now
creating significant issues for even those
organisations that achieved compliance
November 2008
first time around. These organisations
are discovering that during re-compliance assessors are looking for in-depth
validation of processes and policies.
While initial compliance required organisations to demonstrate the existence of
appropriate policies and procedures, the
need one year on is for a detailed audit
trail to provide evidence that all policies
and procedures have been diligently followed. Companies often get caught out
and have to pay out during the second
audit.
In addition, this evidence is becoming an area of major corporate pain.
Although credit card associations themselves are unwilling to provide information on non-compliance, there is
growing anecdotal evidence that many
previously compliant organisations are
struggling with the re-compliance process. These organisations are spending
months to painstakingly collect and collate key audit trail information in order
to demonstrate that the right processes
have been followed – time and resources
that few can afford in the current economic and regulatory climate.
“The arrival of the PCI
assessor is now creating
significant issues for even
those organisations that
achieved compliance first
time around”
More worryingly for these organisations, there is also a growing awareness
– and associated fear – that achieving
annual compliance is not enough. As
Hannaford grocery chain in North
America recently discovered, PCI DSS
compliance is no guarantee against
system compromise. An estimated four
million of its customers’ credit card and
debit card records were accessed just
months after the company passed its
PCI DSS audit.
The problem is that system changes
can very quickly take an organisation
out of its compliant state and create
security vulnerability. Without continuous system monitoring it is impossible
for an organisation to keep track of its
compliance status between audits.
Yet, with growing pressure across every
market to improve the management
of customer information, compliance
with PCI DSS is becoming increasingly
important. How can organisations manage this key compliance requirement
without needing excessive resources or
facing the continual fear of slipping out
of a state of compliance as a result of
system change?
Simplified process
Validating compliance can be fundamentally simplified through two basic
steps. The first step to achieving compliance is to assess the current infrastructure stack’s level of compliance
with the elements of the PCI DSS. This
assessment will either confirm compliance or provide a gap analysis, highlighting current areas of potential risk
and enabling organisations to effectively
allocate resources.
Once these issues have been addressed
to achieve a known and trusted compliant state the organisation can put in
Computer Fraud & Security
13
RBAC
place system infrastructure monitoring
with change auditing to ensure compliance is sustained. Changes are assessed,
both against those logged in the change
management database and the compliance requirements, and IT staff are
immediately alerted to any unauthorised
changes. This not only raises an alert if
the organisation slips out of compliance
but also ensures that potential security
weaknesses are flagged before a customer
data compromise can occur.
To date the PCI DSS assessors have
not mandated this level of continuous monitoring to ensure year-round
compliance but there is a growing
awareness that such activity is key to
sustaining compliance and minimising
business risk.
Broad appeal
Behind closed doors, 2007 saw a record
level of fines issued for non-compliance
and data breaches. Companies are struggling to collate information in order
to demonstrate a robust audit trail of
PCI DSS-compliant processes and still
maintain compliance between audits.
Without automation through continuous monitoring and reporting, the
process is both resource intensive and
potentially valueless. Why spend months
achieving PCI DSS compliance only to
slip out of compliance within weeks of
achieving it, due to a system change?
Organisations within the insurance,
financial services, and hospitality industries that are increasingly looking to
achieve PCI DSS compliance in order to
protect customer information would do
well to look at the experiences of retail
organisations that have embarked upon
compliance and re-compliance activity in
recent months. It is possible to simplify
and automate the compliance process but
failure to understand the true compliance
requirements and continually monitor for
non- …
Purchase answer to see full
attachment

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP