Addressing a New Business’s Compliance Responsibilities

Purpose 

This provides an opportunity for you to apply principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations, as well as industry requirements. 


Required Source Information and Tools 

To complete the project, you will need the following:

  1. Course textbook

  2. Access to the Internet to perform research

    •   PCI Security Standards Council: https://www.pcisecuritystandards.org

    •   Important PCI Compliance Information for Merchants: http://www.pciassessment.org/pci-dss-framework/merchants

    •   COSO Internal Control—Integrated Framework Executive Summary (2013): http://www.coso.org/documents/990025P_Executive_Summary_final_may20_e.pdf

    •   COSO Internal Control—Integrated Framework PowerPoint (2013): http://www.coso.org/documents/COSOOutreachDeckMay2013.pptx

    •   COSO Internal Control—Integrated Framework (2013) whitepaper: http://www.kpmg.com/Ca/en/External%20Documents/Final-New-COSO-2013-Framework-WHITEPAPER-web.pdf

Learning Objectives and Outcomes

You will be able to:

  •   Explain the purpose of PCI DSS

  •   Analyze business factors that influence PCI DSS compliance

  •   Describe potential consequences of failing to demonstrate PCI DSS compliance

  •   Apply standards and frameworks to the development of information security internal control systems

  •   Analyze the use of information security controls within IT infrastructure domains

Web References: Links to Web references are subject to change without prior notice. These links were last verified on December 28, 2020. 

Page 1 

Project: Addressing a New Business’s Compliance Responsibilities 

Introduction 

Public and private sector companies are expected to comply with many laws and regulations as well as industry requirements to promote information security. Assessments and audits of the information technology (IT) environment help to ensure a company is in compliance. A successful information security professional must be able to assess a business’s needs, evaluate various standards and frameworks, and develop a customized, integrated internal control system that addresses the company’s compliance responsibilities. Furthermore, the professional must be able to communicate with various people—both inside and outside the organization—to facilitate awareness of how control activities mitigate weaknesses or potential losses that could compromise the company’s information security. 

Deliverables 

The project is divided into two parts. Details for each deliverable can be found in this document. Refer to the course syllabus for submission dates. 

  •   Project Part 1: PCI DSS Compliance Requirements

  •   Project Part 2: Design of an Integrated Internal Control System


Project Part 1: PCI DSS Compliance Requirements 

Scenario 

S&H Aquariums is a new online retailer that is about to begin selling aquariums and other items for aquarium hobbyists. In recent months, many companies have been featured in the news because of information security breaches that have exposed customers’ credit card data. S&H Aquariums’ management team is worried about the negative impact a potential breach could have on the company’s reputation and business standing. 

S&H Aquariums has hired you, an information systems security expert, to ensure that the company is prepared to accept credit card payments for purchases made through the company’s Web site. To kick off the planning phase, the board of directors would like you to write a report explaining what the company will need to do to minimize risks to sensitive data and comply with applicable laws and regulations, as well as industry standards. In preparation, you sit down with the company’s president and discuss the following details: 

  •   Per the company’s strategic plan, the company expects to have between 20,000 and 1,000,000 credit card transactions during the first year of operations. However, the board would like to know what differences to anticipate as the volume of credit card transactions grows in the coming years.
     
  •   The company will initially accept payments made with MasterCard and Visa only, but it may decide to accept other credit cards in the future.
     
  •   The board of directors is discussing the possibility of opening a bricks-and-mortar store in the future, and the board would like to consider any compliance-related issues prior to making that decision.
     
  •   The board consists of professionals from a variety of fields. It is unlikely that any of the board members are familiar with complex information security concepts or with PCI DSS, the set of requirements that prescribes operational and technical controls to protect cardholder data.

Tasks

  •   Review the information related to PCI DSS compliance provided in the course textbook and in the Internet resources listed for this project. Consider how this information relates to the description of S&H Aquariums provided in the scenario above.

  •   Write a report for S&H Aquariums’ board of directors. Include the following:

    o Introduction

    o PCI DSS Overview
       Include a discussion of the six principles, twelve primary requirements, and the sub-requirements of PCI DSS.


    o Rationale
       Explain why the company needs to address the PCI DSS and describe potential consequences if the company is not able to demonstrate compliance.

    o Immediate Considerations for PCI DSS Compliance
       Analyze factors (including those introduced in the scenario above) that will influence S&H Aquariums’ immediate plans for PCI DSS compliance. Discuss payment brands (credit card companies), transaction volumes, merchant levels (i.e., 1 through 4), and types of reporting required in relation to S&H Aquariums’ business projections.

    o Future Considerations for PCI DSS Compliance
       Analyze contingencies that may influence PCI DSS compliance in the future. Address potential questions from the board, including but not limited to:

       •   What would be expected of the company if credit card volume increases past 1,000,000 transactions in future years?

       •   What should S&H Aquariums do to demonstrate PCI DSS compliance if it begins to accept American Express or Discover?

       •   How would opening a bricks-and-mortar store affect the company’s responsibilities for PCI DSS compliance?

    o Conclusion

As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.

Submission Requirements

  •   Format: Microsoft Word

  •   Font: Arial, 12-point, double-space

  •   Citation Style: APA (American Psychological Association) https://www.mendeley.com/guides/apa-citation-guide

  •   Length: 2–3 pages

Self-Assessment Checklist

  •   I have created a report that uses a professional tone and includes correct terminology.

  •   In my report, I have described PCI DSS, provided a sound rationale for addressing PCI DSS compliance, and analyzed immediate and future considerations for PCI DSS compliance.

  •   I have conducted adequate independent research for this part of the project.


Project Part 2: Design of an Integrated Internal Control System 

Scenario 

S&H Aquariums’ board of directors reviewed the report you submitted on PCI DSS compliance (in Project Part 1), and they were grateful for the background and analysis you provided. After discussing the information, they realized that PCI DSS compliance is but one aspect of the overarching information security system needed to launch and sustain the new business. 

The board would like to understand the bigger picture of how you will develop the control system needed to protect credit card data and document compliance with the PCI DSS requirements. You know this will be a rather complex process. You are planning to use a combination of frameworks and standards to guide the development of the control system. Furthermore, you are making it a priority to design an integrated system so the company can efficiently prepare for multiple types of audits, not just those related to PCI DSS compliance. 

After explaining to the board that, realistically, you and your team will need much more time to research, discuss, plan, and implement the company’s control system, you agree to write a report that highlights some of the key principles and procedures involved in this undertaking. 

Tasks 

  •   Review information about the following frameworks or standards introduced in the textbook: COSO, COBIT, SOC, ISO, and NIST. Consider how you may use some or all of these frameworks/standards to guide the creation of an internal control system at S&H Aquariums. Note the similarities or overlaps among each set of frameworks/standards, as well as the differences.
     
  •   Using the Internet resources listed for this project, examine the specifics of the COSO framework, which outlines five components of internal control and 17 principles.
     
  •   Create a table or other visual aid to map the 17 principles of COSO to the 12 primary PCI DSS requirements. Use your table or visual aid to assess how specific elements of COSO and PCI DSS correspond with one another, as this will inform forthcoming decisions about which controls S&H Aquariums should implement.
     
  •   Write a report for the board of directors. Include the following:

    o Introduction

    o Plan for Developing an Integrated Internal Control System

       •   Explain how and why you will use multiple frameworks and standards to guide your development of this control system.

       •   Explain how you will ensure the control system can be used to demonstrate PCI DSS and other forms of compliance.


    o Table (or Visual Aid) Showing COSO – PCI DSS Alignment
       In addition, explain how creating this table/visual aid—as well as other, more complex tables with multiple standards/frameworks—would be useful for designing an integrated internal control system.

    o Conclusion

As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.

Submission Requirements

  •   Format: Microsoft Word

  •   Font: Arial, 12-point, double-space

  •   Citation Style: APA (American Psychological Association) https://www.mendeley.com/guides/apa-citation-guide

  •   Length: 2–3 pages

Self-Assessment Checklist

  •   I have created a report that uses a professional tone and includes correct terminology.

  •   In my report, I have explained how and why I would use a combination of standards/frameworks to guide the development of an integrated internal control system, and explained how I would ensure the control system could be used to demonstrate multiple forms of compliance.

  •   In my report, I have included a table or visual aid that shows alignment of COSO and PCI DSS, and I have explained how this would be useful for designing an integrated internal control system.

  •   I have conducted adequate independent research for this part of the project.
