You are opening an online store in a cloud environment. What are three security controls you might use to protect customers’ credit card information? Assume that the information will need to be stored.

What will be an ideal response?

Students should make the leap to assume that the online store is hosted on a web server, and that the information will be stored in a database. Here are some possible answers: Isolate information storage from the web application byputting it on a database server that cannot be directly accessed from the Internet. Salt the credit card information and encrypt it using an adequate symmetric algorithm (e.g., AES-­? 256). Use access controls to limit the users who can access the web serverand database server. Use stored procedures and other database best practices to limit potentially dangerous queries. Use program security best practices to limit the vulnerabilities in the web application.