Unit 4 Technical Assessment Questions
1. For your State’s Privacy Data Law, cut and paste the language that identifies which data elements are considered privacy data (i.e., First and Last Name, Address, SS#, etc.).
Answer: ICIME 2013 Proceedings of The 4th International Conference on IS Management and Evaluation. The International Conference on IS Management and Evaluation (ICIME) provides a forum for both researchers and practitioners to come together to develop their understanding of both theory and practice in all aspects of IT/IS management and evaluation. The wide scope of ICIME reflects the increased use of technology to manage information in and between organizations of all types and sizes across the globe. ICIME 2013 will provide opportunities for people working and researching in the field to come together both formally and informally to share their knowledge and expertise.
2. If the State Government accepts citizen credit card payments for various services and Agency payments, would the State Government be required to maintain PCI DSS compliance?
Answer: Nearly all states and localities process credit card payments from citizens, making them unambiguously subject to the Payment Card Industry Data Security Standard (PCI DSS) and its 12 core requirements. Most of these are basic IT security measures that every organization should already have in place; but in truth, many still struggle to achieve and sustain compliance. Whether PCI DSS represents the minimal floor or the aspirational ceiling for protecting cardholder data can be answered only from your organization's perspective. Few would seriously advocate a checkbox approach to compliance. But in the absence of more mature security programs, checking the boxes is better than doing nothing at all. The age-old problem remains that knowing the right things to do, and then doing them, is not always easy or convenient.