(I’ve attached the PCI and Figure)
Please answer these 4 questions in a short essay style
1 – Suppose HGA’s mainframe (Figure B-1 in doc sharing) stored cardholder data in the private databases.
What steps should be taken to protect that data in order to be PCI compliant?
2 – HGA’s mainframe has network connectivity. Assuming that cardholder data is transmitted across these
networks, describe how it should be protected in transmission.
3 – Users are located at various sites connected to the HGA network. Suggest appropriate access controls to
restrict unauthorized users from looking at cardholder data.
4 – The PCI specification notes that all systems and network devices connected to a system that stores,
transmits or processes cardholder data is in scope and must comply with PCI specifications. To avoid having
the whole network subject to PCI specifications, how would you segment the network to reduce the scope of