Lab #3 – Assessment Worksheet
Case Study on PCI DSS Noncompliance: CardSystems Solutions
Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
In this lab, you reviewed a real-world case study that involved a PCI DSS noncompliance
scenario, and you recommended mitigation remedies to prevent the loss of private data for
Lab Assessment Questions & Answers
1. Did CardSystems Solutions break any federal or state laws?
2. In June 2004, an external auditor certified CardSystems Solutions as Payment Card Industry Data
Security Standard-(PCI DSS-) compliant. What is your assessment of the auditor’s findings?
3. Can CardSystems Solutions sue the auditor for not performing his or her tasks and deliverables
with accuracy? Do you recommend that CardSystems Solutions pursue this avenue?
4. Who do you think is negligent in this case study and why?
5. Do the actions of CardSystems Solutions warrant an “unfair trade practice” designation as stated
by the Federal Trade Commission (FTC)?
26| LAB #3 Case Study on PCI DSS Noncompliance: CardSystems Solutions
6. What security policies do you recommend to help with monitoring, enforcing, and ensuring PCI
7. What security controls and security countermeasures do you recommend for CardSystems
Solutions to be in compliance with PCI DSS requirements?
8. What was the end result of the attack and security breach to CardSystems Solutions and its
9. What are the possible consequences associated with the data loss?
10. Who do you think is ultimately responsible for CardSystems Solutions’ lack of PCI DSS
11. What should CardSystems Solutions have done to mitigate possible SQL injections and data
breaches on its credit card transaction-processing engine?
12. True or false: Although CardSystems Solutions had proper security controls and security
countermeasures, it was not 100 percent PCI DSS-compliant because the company failed to
properly implement ongoing monitoring and testing on its development and production systems.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more