Security Configuration Management for PCI DSS Compliance, Illustrated by Firewalls Reviews

Bibliographic Details
Main Authors: HUANG, SUNG-YU, 黃崧毓
Other Authors: SUN, CHIA-MING
Format: Others
Language: zh-TW
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/dv93fy
Description
Summary: Master's === National Yunlin University of Science and Technology === Department of Accounting === 105 === The Internet plays a vital role in our daily life, but cybersecurity threats have also been increasing. Companies therefore follow cybersecurity standards to maintain their information security. PCI DSS (The Payment Card Industry Data Security Standard) is an example of a security standard with specific requirements and implementation rules. However, for various reasons the rules are difficult for users to implement. The purpose of this paper is to create a review methodology for firewall security configuration, for use when the IT security department, the organization and the auditor need to set security configuration settings consistent with the PCI DSS firewall security configuration settings. The design science research methodology was used in this research. The firewall security requirements of PCI DSS were discussed to define the goals of the solution. Next, several program folders were designed; they include a solution procedure, preparation items and the building of a reusable table. These include a firewall review tracking table for long-term use and a reusable table. A simulation test was run using the auditing procedure, the security model and Juniper firewall security settings to determine the feasibility of the solution. The contributions of this study are showing the items to prepare before a review, establishing a tracking mechanism, deciding the firewall security configuration from PCI DSS and creating the review flow for firewall security configuration. Together they offer both the people in charge and the auditor the same standard, improving objectivity, quality control and effective resource allocation.