You are opening an online store in a cloud environment. What are three security controls you might use to protect customers' credit card information? Assume that the information will need to be stored
What will be an ideal response?
Students
should
make
the
leap
to
assume
that
the
online
store
is
hosted
on
a
web
server,
and
that
the
information
will
be
stored
in
a
database.
Here
are
some
possible
answers:
Isolate
information
storage
from
the
web
application
by
putting
it
on
a
database
server
that
cannot
be
directly
accessed
from
the
Internet.
Salt
the
credit
card
information
and
encrypt
it
using
an
adequate
symmetric
algorithm
(e.g.,
AES-?
256).
Use
access
controls
to
limit
the
users
who
can
access
the
web
server
and
database
server.
Use
stored
procedures
and
other
database
best
practices
to
limit
potentially
dangerous
queries.
Use
program
security
best
practices
to
limit
the
vulnerabilities
in
the
web
application.
You might also like to view...
A document containing an embedded object will be smaller than one containing the same object as a link
Indicate whether the statement is true or false
What determines the physical size of a power supply and the placement of screw holes?
A. Wattage rating B. Manufacturer C. Form Factor D. Number of connectors