Task – A Small Business Security Project
Task:
Your part of developing the solution is to produce a report on the underlying information and security technologies (systems, networks and other aspects) and their compliance with PCI-DSS, the CIS Critical Security Controls best practices, and GDPR.
This will then feed back into a larger study, including costings, that GFS will produce internally to be used to further pursue the business opportunity.
Complete a report that comprises the following parts:
1. Design Outline (20%)
Assessment Brief 4
2. Threat (10%)
3. Compliance with PCI-DSS Requirements (30%)
4. CIS Critical Security Controls (v8) (20%)
5. Compliance with GDPR (10%)
6. Conclusions and Recommendations (10%)
Each part may have subsections, which should be suitably named. Numbering of sections and subsections is encouraged for better navigation and in-document referencing.
Do not repeat. Use forward and backward references within your document where appropriate to indicate where related matters are covered.
Consider throughout, best practices relating to:
– Intrusion Detection and Prevention, including firewalls
– Access Control and Management
– Security in transit and in storage
– Backups and Business Continuity planning
– Key management and access
…this list is not exhaustive.
Design Outline (20%)
Design and architect a payment system for GFS to cover the 3 sites.
List and detail the technologies and solutions that you would choose.
Present a logical connectivity/network diagram that covers the 3 sites and detail how it would operate. More than one diagram might be useful to show different aspects without crowding one diagram.
Threat (10%)
What are the main threats against this solution, including the risk to information? Reference external sources which indicate the most likely threats against this sort of business.
Compliance with PCI-DSS (30%)
Detail what is required, technically and non-technically (covering each aspect where an appropriate response exists), for each of the 12 PCI-DSS requirements. Where useful, the use of diagrams and/or figures is encouraged.
CIS Critical Security Controls (20%)
There are 56 Safeguards (‘Sub-Controls’) in CIS CSC Implementation Group 1 (IG1), which are regarded as providing basic cyber hygiene against the most common attacks.
For each CIS Critical Security Control which has an IG1 Safeguard, briefly detail a solution. Address at least one IG1 Safeguard per control.
Notes: Use CIS Controls version 8. Only 15 of the 18 CSCs have an IG1 Safeguard.
Compliance with GDPR (10%)
Identify and detail how the solution will be compliant with GDPR.