Assignment 9 — Cyberlaw and Data Privacy

Assume that you are the Director of Data Security for a new internet service provider (ISP Inc.) that plans to provide web hosting services to ecommerce companies that accept customer credit card information online. ISP Inc. must achieve PCI compliance because credit card information will be transmitted through its networks.

1. Review the PCI Data Security Standards Quick Reference Guide (attached).

2. Fill out the PCI Data Security Standards Attestation of Compliance for Service Providers (attached).

As noted in the instructor’s comments throughout the form in red, students should only complete Part 4 (the last page) of the form.
In filling out Part 4, assume that ISP Inc. was not compliant with any of the 12 PCI Data Security Requirements.
For each of the 12 PCI Requirements, list “remediation actions” that the PCI Council may consider a step in the right direction toward partial or full compliance with the requirement (based on information in the Quick Reference Guide).

