Security and Development

Sarah Viele

Case Study 5

When working for a multi-international corporation, security needs to be one of the top most concern. There could be a number of security breaches that happen but employees need to be trained on how to handle different situations. One big security breach could be when credit card information is compromised and another situation where people on the inside steal information that they don’t have access to. There could be different ways to implement a risk management policy that would address these two concerns.

There are a few different ways that companies can make sure credit card information stays secure such as using only approved equipment, software, and service providers. Companies should never store any personal data such as electronic track data and card security number. If companies should store credit card data than it needs to be encrypted when it’s a computer and stored under lock and key if paper. When using any equipment or software dealing with credit card information, companies need to make sure that the equipment and software is PCI compliant, if it’s not PCI compliant then it shouldn’t be used. When using service providers make sure they are all tested out and also are PCI compliant. While making sure everything is PCI compliant it will be harder for people to hack into the system and get personal credit card information for different people. Card security numbers are not allowed to be stored in any type of format. After the transaction is processed, if stored electronically the security number needs to be wiped from the computer and if stored on paper the security number needs to blacked out so nobody can ever obtain that information. When a company has to keep credit card information then the company needs to make sure that the information is encrypted using a “robust encryption algorithm”. There are companies whose soul job is to make sure that the company with the credit card information can only access it...