Go over the Spark Project Group doc and Spark Topology thoroughly; then write a one-page summary of the following bullet points, addressing each of the needed suggestions below (#1-5).

-Restrict access to cardholder data by business need to know

1. Identify security-related threats to the organization.
2. Identify vulnerabilities within the organization’s architecture.
3. Identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization.
4. Estimate the likelihood of occurrence and the potential negative impact for each threat action.
5. Justify your reasoning for each identified threat, highlighting qualitative and quantitative data.

-Identify and authenticate access to system components

1. Identify security-related threats to the organization.
2. Identify vulnerabilities within the organization’s architecture.
3. Identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization.
4. Estimate the likelihood of occurrence and the potential negative impact for each threat action.
5. Justify your reasoning for each identified threat, highlighting qualitative and quantitative data.

-Restrict physical access to cardholder data

1. Identify security-related threats to the organization.
2. Identify vulnerabilities within the organization’s architecture.
3. Identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization.
4. Estimate the likelihood of occurrence and the potential negative impact for each threat action.
5. Justify your reasoning for each identified threat, highlighting qualitative and quantitative data.

***Use the PCI_DSS PDF as a reference to construct the summary***
