PCI Compliance

Assignment Instructions
Part 1: Major Events Documentation
Scenario: You visit a retail establishment, shop around, and finally carry several products to
one of the point of sale (POS) terminals distributed openly around the store. You produce a
credit card, the salesclerk processes the transaction, bags your goods, and hands you the
receipt. On your way to the exit, a store employee asks to see your receipt and checks the
contents of the store bag. Document each of the major events just described and explain
them in terms of the PCI compliance standard. Include this report in your assignment.
Part 2: PCI Compliance
This part of the assignment will cover PCI. Please refer to Figure B-1 in your responses.
Respond to and address the following in essay style:

  1. Suppose HGA’s mainframe, depicted in Figure B-1, stored cardholder data in the
    private databases. What steps should be taken to protect that data in order to be PCI
    compliant?
  2. HGA’s mainframe has network connectivity. Assuming that cardholder data is
    transmitted across these networks, describe how data should be protected in
    transmission.
  3. Users are located at various sites connected to the HGA network. Suggest
    appropriate access controls to restrict unauthorized users from looking at cardholder
    data.
  4. The PCI specification notes that all systems and network devices connected to a
    system that stores, transmits, or processes cardholder data are in scope and must
    comply with PCI specifications. To avoid having the whole network subject to PCI
    specifications, how would you segment the network to reduce the scope of
    compliance?
Assignment Requirements:
Submit your assignment in the usual double-spaced APA-styled report. At least four pages
of material are expected beyond the title page, table of contents, abstract, and references
page.
  • Answers contain sufficient information to adequately answer the questions
  • No spelling errors
  • No grammar errors
*Two points will be deducted from the grade for each occurrence of not meeting these
requirements.