Back to books home

Volume 4 - Hypothetical Case Studies - From Jane’s Flower Attic to Jane’s Flower Emporium

  • 4.1 Volume Introduction
    • 4.1.1 Assumptions
  • 4.2 Jane’s journey - Step 1 - A small side business
    • 4.2.1 Jane’s Flower Attic (JFA) business
    • 4.2.2 Applying SAQ-B-IP using a cellular network connection to the payment device
      • 4.2.2.1 JFA Information Security Policy (simplified example)
  • 4.3 - Step 2 - Jane’s Flower Boutique (JFB)
    • 4.3.1 JFB Network Security Control (NSC, e.g. firewall) standard
  • 4.4 Step 3 - Jane’s Flower Chain (JFC)
    • 4.4.1 Network level controls
    • 4.4.2 Identification and Authentication controls
    • 4.4.3 Physical security controls
    • 4.4.4 System level controls
    • 4.4.5 Application level controls
    • 4.4.6 Logging and Monitoring
    • 4.4.7 Testing
    • 4.4.8 Governance, Policies, Procedures
    • 4.4.9 Incident Response
  • 4.5 - Step 4 - Jane’s Flower Emporium (JFE)
    • 4.5.1 JFE Organizational Structure
    • 4.5.2 Best-practice in information security governance - Information security separate from IT
    • 4.5.3 Payment transactions
    • 4.5.4 Card present payments in stores and at delivery
    • 4.5.5 Customer Service and MOTO transactions
    • 4.5.6 eCommerce
    • 4.5.7 The Information Security Program (based on ISO 27002)
    • 4.5.8 JFE’s Risk Assessment
      • 4.5.8.1 Step 1 (PREPARE / Establish a risk context)
      • 4.5.8.2 Step 2 (CONDUCT / Assess Risk)
      • 4.5.8.3 Step 3 (COMMUNICATE / Respond to Risk)
      • 4.5.8.4 Step 4 (MAINTAIN / Monitor Risk over time)
  • End Notes - Volume 4