1. What advantages does the use of an MSSP offer a small retailer such as Fairplay? Can you think of any potential drawbacks of this approach? Is there a danger in placing too much trust in an MSSP? Explain. 2. Data breaches at major retailers, such as Neiman Marcus, Target, and others, in recent years have shown that compliance with the PCI DSS is no guarantee against an intrusion (see Jaikumar Vijayan, "After Target, Neiman Marcus Breaches, Does PCI Compliance Mean Anything?," Computerworld, January 24, 2014). If you were a member of Fairplay's management team, what additional actions would you take to protect your customer's credit card data? 3. Do research online to gain insight into the evolution of the PCI DSS standard. What major changes were made in moving from PCI 2.0 to PCI 3.0? What changes are being suggested for future versions of the PCI standard?
Question
Fairplay Turns to a Managed Security Service Provider
Fairplay Finer Foods is an independent grocery retailer that operates in the greater Chicago area. From its beginning, Fairplay's mission has been to provide quality foods at an affordable price along with exceptional customer service. Starting with a single store in 1975, Fairplay has since grown to seven locations. The opening of each new store led to increased sales and attracted new customers; however, expansion also raised new information system needs as well as information security risks.
Due to its size, it was not practical for Fairplay to create and run its own information technology organization, so it contracted with KCS Computer Technology, Inc., to provide these services along with the necessary computer hardware and systems. One of KCS's key accomplishments for Fairplay was to implement and manage a corporate network that the grocery chain uses to run applications and communicate across all of its stores.
Another important area of focus for KCS involved helping Fairplay manage issues related to the Payment Card Industry Data Security Standard (PCI DSS). Retailers accepting credit cards and other forms of electronic payment are required to comply with the PCI DSS. The PCI DSS standard ensures that businesses follow best practices for protecting their customers' payment card information. The necessity to comply with the PCI DSS standard along with concern over potential network security issues led Fairplay and KCS to seek out a managed security service provider (MSSP).
After a thorough investigation, Fairplay and KCS selected ControlScan, an MSSP headquartered in Atlanta. This choice was based on ControlScan's simple pricing model, stable of certified security experts, advanced technology, and solid reputation. As part of its contract with Fairplay, ControlScan agreed to serve as an extension of KCS, delivering cloud-based security technologies and related security support services, including:
Installing, configuring, and monitoring a system of next-generation firewalls
Investigating, responding to, and reporting on security-related events
Providing network usage reports for insights into company resource utilization
Upgrading the network on an ongoing basis by implementing the latest security enhancements
Providing expertise to reduce network complexity and contain network-related costs
ControlScan's initial project was installing next-generation firewall appliances to protect each of Fairplay's locations. This work was completed in a single night to minimize business disruption. ControlScan then conducted a thorough PCI gap analysis to compare current Fairplay security controls with those required by the PCI DSS. ControlScan developed a detailed set of recommendations and options for eliminating the gaps, giving Fairplay management a roadmap to achieve full PCI DSS compliance. Finally, ControlScan did a full review of all of Fairplay's existing information systems and security policies, working with the chain's IT staff to tweak and customize policies where necessary.
Critical Thinking Questions
1. What advantages does the use of an MSSP offer a small retailer such as Fairplay? Can you think of any potential drawbacks of this approach? Is there a danger in placing too much trust in an MSSP? Explain.
2. Data breaches at major retailers, such as Neiman Marcus, Target, and others, in recent years have shown that compliance with the PCI DSS is no guarantee against an intrusion (see Jaikumar Vijayan, "After Target, Neiman Marcus Breaches, Does PCI Compliance Mean Anything?," Computerworld, January 24, 2014). If you were a member of Fairplay's management team, what additional actions would you take to protect your customer's credit card data?
3. Do research online to gain insight into the evolution of the PCI DSS standard. What major changes were made in moving from PCI 2.0 to PCI 3.0? What changes are being suggested for future versions of the PCI standard?