Information Security

Introduction
The first thing that we must consider about Information Security is that there is no final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves, and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
Elements of Compliance
PCI DSS
As established by PCI DSS, our company needs to address several aspects in order to securely handle and store credit card information. From the perspective of the Information Security Analyst, we must consider the following points:
Build and maintain a secure network, which means applying security countermeasures to prevent a disruptive event or security incident. Never use vendor-supplied defaults, such as default passwords and configurations. It is necessary to set up all requirements in order to protect stored cardholder data. All data flows have to be encrypted by integrating the system with a PKI (Public Key Infrastructure). First World Bank needs to use antivirus software to protect the FWB network users and prevent virus replication. It is crucial to develop and maintain secure systems and applications (PCI-DSS). FWB needs to restrict access to cardholder information. As part of the security policies, a unique ID will be assigned to each user through the FWB Domain. All areas where cardholder information is stored must reg...

... middle of paper ...

...departments makes it easier to keep a more secure network. The third ACL layer focuses on allowing and denying access between hosts on networks. ACLs are written on both routers and firewalls. The key to creating strong ACLs is to concentrate on both ingress and egress ACLs.
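The point about writing both ingress and egress ACLs is easiest to see with a small evaluator. The following is an added example, not code from the report or from any of the products it cites; the segment addresses, the database host and the rule sets are constructed for illustration, and the first-match-then-implicit-deny behaviour mirrors how router and firewall ACLs are commonly processed.

```python
"""Minimal ACL evaluator illustrating ingress and egress filtering.

Constructed example: addresses, ports and rules are made up. The evaluator
applies rules top-down, first match wins, and denies anything that matches
no rule (the implicit deny at the end of a real router or firewall ACL).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR such as "10.0.2.0/24", or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # destination port; None means any port

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if self.src != "any" and ip_address(src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule, or "deny" if none matches."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"


# Constructed topology (hypothetical): 10.0.1.0/24 is the cardholder-data
# segment with the card database at 10.0.1.10; 10.0.2.0/24 is the office
# network with a syslog collector at 10.0.2.50 and a DNS resolver at 10.0.2.53.
INGRESS: List[Rule] = [  # applied to traffic entering the cardholder segment
    Rule("permit", "tcp", "10.0.2.0/24", "10.0.1.10/32", 5432),  # office -> database
    Rule("deny", "any", "any", "any", None),                       # explicit catch-all deny
]

EGRESS: List[Rule] = [   # applied to traffic leaving the cardholder segment
    Rule("permit", "tcp", "10.0.1.0/24", "10.0.2.50/32", 514),   # syslog to the collector
    Rule("permit", "udp", "10.0.1.0/24", "10.0.2.53/32", 53),    # DNS to the resolver
    Rule("deny", "any", "any", "any", None),                       # nothing else may leave
]


def check_flow(direction: str, proto: str, src: str, dst: str, dport: int) -> str:
    """Pick the ACL for the flow's direction and evaluate it."""
    acl = INGRESS if direction == "ingress" else EGRESS
    return evaluate(acl, proto, src, dst, dport)


if __name__ == "__main__":
    # Constructed flows; the last one is the case an ingress-only ACL never sees:
    # a host inside the protected segment opening an outbound connection.
    flows = [
        ("ingress", "tcp", "10.0.2.15", "10.0.1.10", 5432),
        ("ingress", "tcp", "10.0.2.15", "10.0.1.10", 22),
        ("egress", "udp", "10.0.1.10", "10.0.2.53", 53),
        ("egress", "tcp", "10.0.1.10", "198.51.100.7", 443),
    ]
    for flow in flows:
        print(flow, "->", check_flow(*flow))
```

The last flow in the sample is the one that motivates the egress list: an ingress ACL on the cardholder segment never examines connections that originate inside it, so only the egress rules stop the database host from reaching an outside address.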

Works Cited
Bind9. 2012. http://www.bind9.net/.
GLBA. Gramm-Leach-Bliley Act. March 2013. http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act.
National Institute of Standards and Technology. n.d. http://csrc.nist.gov/publications/nistpubs/800-128/sp800-128.pdf.
PCI Compliance Guide. Guide to PCI Data Security Standards. 2013. http://www.pcicomplianceguide.org/aboutpcicompliance.php.
SANS Institute. 2003. http://www.sans.org/reading-room/whitepapers/threats/define-responsible-disclosure-932 (accessed 2013).
SQUID. 2013. www.squid-cache.org.
Zabbix. 2014. http://www.zabbix.com/.
