Background: This is an assignment of an IT Security course. In this assignment,

Background:
This is an assignment of an IT Security course. In this assignment, an information system has suffered a breach of cardholder data. Someone made a fradulent purchase with a credit card PAN. After a breach, we need to complete a PCI-DSS ROC for the system as assurance that the risk of future breaches is minimized.
NOTE: The project only covers some parts of the PCI-DSS ROC (as described below in DELIVERABLE REQUIREMENTS), It is not a full ROC.
The guideline of the project can be referred to the document “PCI-DSS Term Project.docx”
Page 6 – 13 of the document mention the deliverable expected (DELIVEREABLE REQUIREMENTS).
Page 15-23 of the document is an INCOMPLETE project example provided by the instructor .
The project hasn’t specified the system we need to work on. In other words we can model any system.
I have an to model on STEAM software. STEAM is a software for user to connect to a virtual software library, and allow user to purchase PC games from the store to his local computer. If you go to the software you will notice it gives you the option to store your credit card for future purchase. If you have no idea what STEAM is, you may check the link below:
https://store.steampowered.com/
In addition, I have uploaded the lecture materials for the course, please use them as your reference.
For PCI-DSS Requirements, please refer to PCI_DSS_v3-2.pdf