Data Breaches Gone Mad. Straight Away! Wednesday September 28 th, 2011
|
|
- Emory Atkinson
- 8 years ago
- Views:
Transcription
1 Data Breaches Gone Mad Learn how to Secure your Data Warehouse Straight Away! Wednesday September 28 th, 2011
2 Martin Willcox Director Product & Solutions Marketing Teradata Europe, Middle East & Africa
3 Ulf Mattsson CTO Protegrity The Tokenization Experts
4 Some of you have already met Yuri. 4 4 Source: protegrity
5 Last year he and his anonymous friends hacked AT&T. 5 5 Source: protegrity
6 Security vulnerability in a Website used by ipad customers 100,000 addresses and ipad identification numbers were exposed, including: New York Mayor FBI and NASA US Departments of Defense Executives from Google, Microsoft, Amazon and Goldman Sachs 6 Source 2010: protegrity
7 This year they hacked Sony and bought BMW M5s. 7 Source: protegrity
8 Data including passwords and personal details were stored in clear text Attacks were not coordinated and not advanced 8 Majority of attacks were SQL Injection dumps and Distributed Denial of Service (DDoS) protegrity
9 Next month Yuri plans to hit a major telco with the keys provided by a disgruntled employee. 9 Source: protegrity
10 Then Yuri is going to buy a private jet. 10 Source: protegrity
11 Hospitality Retail Financial Services Government Tech Services Manufacturing Transportation Media Healthcare Business Services *: Number of breaches % 11 Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS protegrity
12 12 Source: Trustwave Global Security Report 2011 protegrity
13 So how does Yuri do it? 13 Source: protegrity
14 Hacking Malware Physical Error Misuse Social *: Number of records % 14 Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS protegrity
15 Usually, I just need one disgruntled employee. Just one. 15 Source: protegrity
16 Attackers stole information about SecurID two-factor authentication 60 different types of customized malware Advanced Persistent Threat (APT) malware tied to a network in Shanghai A tool written by a Chinese hacker 10 years ago protegrity 16
17 Third party fraud detection Notified by law enforcement Reported by customer/partner Unusual system behavior Reported by employee Internal security audit or scan Internal fraud detection Brag or blackmail by perpetrator Third party monitoring service *: Number of breaches % 17 Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS protegrity
18 Some issues have stayed constant: Threat landscape continues to gain sophistication Attackers will always be a step ahead of the defenders Different motivation, methods and tools today: We are fighting highly organized, well-funded crime syndicates and nations Move from detective to preventative controls needed Source: Forrester and protegrity 18
19 19 Payment card data Personal information Usernames, passwords Intellectual property Bank account data Medical records Classified information System information Sensitive organizational data *: Number of records Source: 2011 Data Breach Investigations Report, Verizon Business RISK team and USSS % protegrity
20 20 Firewalls Encryption/Tokenization for data at Anti-virus & anti-malware solution Encryption for data in motion Access governance systems Identity & access management systems Correlation or event management Web application firewalls (WAF) Endpoint encryption solution Data loss prevention systems (DLP) Intrusion detection or prevention Database scanning and monitoring ID & credentialing system IDS DAM DLP WAF Client encryption % *: Cost effective solutions for PCI DSS. Source: PCI DSS Compliance Survey, Ponemon Institute 20 protegrity
21 21 protegrity
22 Jim Browning Senior Security Engineer Teradata Labs
23 Teradata Protegrity Partnership Strategic partnership since 2004 Advocated solution for data protection on Teradata Databases Design and development of Protegrity data security platform for Teradata Proven parallel and scalable data protection for Teradata MPP platforms Collaboration on forward-looking roadmaps New and advanced data protection options Integration with new Teradata Database features Seamless operation on large data warehouse systems World-class customers 23
24 Teradata Protegrity Customers by Industry Transportation Manufacturing Utilities Telecommunications Retail Government Healthcare Financial 24
25 Types of Data Requiring Protection Credit Card Information Credit Card Numbers (PAN) Service Codes Expiration Dates Personal Identifying Information Social Security Numbers Tax Identifiers Drivers License Numbers Date of Birth Consumer Financial Data Account Numbers PINs Protected Health Information Identifiable Patient Data Medical Record Numbers Corporate Financial Data Non-public Information Human Resources Data Payroll Information Performance Ratings Customer and Prospect Data Trade Secrets and Intellectual Property 25
26 Protegrity Data Protection for Teradata A comprehensive data protection solution for Teradata Databases Provides additional separation of duties through a separate Security Manager interface for creation and maintenance of security policies Includes a patented key management system for secure key generation and protection of keys when stored Supports multiple data protection options including strong encryption and tokenization Supports multiple cryptographic algorithms and key strengths Automates the process of converting clear text data to cipher text 26
27 Protegrity Data Protection for Teradata A comprehensive data protection solution for Teradata Databases Provides additional access controls to protect sensitive information (even DBC can not see unencrypted data unless specifically authorized by the Security Manager) Includes additional auditing separate from database audit logs (such as the Access Log) Designed to fully exploit Teradata Database parallelism and scalability Enterprise-wide solution that works with most major databases and operating systems (not just Teradata) 27
28 Protegrity Data Protection for Teradata Architecture Enterprise Security Administrator (ESA) Policy Management Audit Logs Policy Clique Node Log Proxy Server Deployment Server PEP Server Data Protection Operations AMP AMP AMP AMP Policy Enforcement Agent (UDF / UDT) Protected Data Key Management Node Audit Management PEP Server Data Protection Operations AMP AMP AMP AMP 28
29 Data Protection Methods Strong Encryption AES(128,256) / 3DES DTP2 Data Type Preserving Encryption 2 Hashing HMAC SHA-1 DAM Data Activity Monitoring Masking Tokenization Strong Encryption Symmetric encryption Encrypted value can be used in database for joins, etc. Data Type Preserving Encryption 2 Preserves the data type and length of a protected column Hashing One way can not be decrypted Hashed value can be used in database for joins Data Activity Monitoring (DAM) Monitors access to sensitive columns without encrypting or hashing Can be used as a compensating control Masking Replaces sensitive characters in a string of data to render the data secure Customizable mask patterns Tokenization Provides inert values that can replace sensitive data in databases Can be used as a compensating control 29
30 Data Protection Considerations Performance Storage Security Transparency 30
31 Data Protection Methods Data Protection Methods Performance Storage Security Transparency System without data protection Monitoring + Blocking + Masking Format Controlling Encryption Strong Encryption Tokenization Hashing Best Worst 31
32 Replace Sensitive Data With Fake Data = Random number Data Token 32
33 Replace Sensitive Data with Fake Data Tokenization De-tokenization Applications & Databases : Data Token Unprotected sensitive information: Protected sensitive information: 33
34 What is Tokenization and What is the Benefit? Tokenization Tokenization is process that replaces sensitive data in systems with inert data called tokens which have no value to the thief Tokens resemble the original data in data type and length Benefit Result Greatly improved transparency to systems and processes that need to be protected Reduced remediation Reduced need for key management Reduce the points of attacks Reduce the PCI DSS audit costs for retail scenarios 34
35 Complexity when Using Basic Tokenization Clique Node AMP Large footprint becomes larger Replication becomes more complex Solution may be unmanageable and expensive Token Server Protegrity Agent AMP AMP AMP Node AMP Protegrity Agent AMP AMP AMP Credit Card Number Social Security Number Passport Number 35
36 Protegrity Tokenization for Teradata Architecture Clique Node Small footprint Small static token tables Protegrity Agent Tokenization Operations AMP AMP AMP AMP High availability High scalability High performance No replication required No chance of collisions Node Protegrity Agent Tokenization Operations AMP AMP AMP AMP 36
37 Performance Comparison Basic Tokenization 5 tokens per second (outsourced) 5000 tokens per second (in-house) Protegrity Tokenization 200,000 tokens per second (Protegrity) Single commodity server with 10 connections. Will grow linearly with additional servers and/or connections 9,000,000+ tokenizations per second (Protegrity /Teradata) 37
38 Protegrity Tokenization Differentiators Basic Tokenization Footprint Large, Expanding Small, Static Protegrity Tokenization High Availability, Disaster Recovery Distribution Complex, expensive replication required Practically impossible to distribute geographically No replication required Easy to deploy at different geographically distributed locations Reliability Prone to collisions No collisions Performance, Latency, and Scalability Will adversely impact performance & scalability Little or no latency. Fastest industry tokenization Extendibility Practically impossible Unlimited Tokenization Capability 38
39 Why Tokenization? No masking needed No encryption/decryption when using No key management across enterprise Why Protegrity Tokenization? Better small footprint Faster high performance Lower total cost of ownership 39
40 Flexibility for Different Forms of Data Type of Data Input Token Comment Token Properties Credit Card Numeric Medical ID 29M2009ID 497HF390D Alpha-Numeric Date 10/30/ /25/2034 Date Address Alpha Numeric, delimiters in input preserved SSN Delimiters Numeric, delimiters in input Credit Card Numeric, Last 4 digits exposed 40
41 Tokenization Case Studies Customer 1: Extensive enterprise End-to-End credit card data protection switching to Protegrity Tokenization Performance Challenge: Initial tokenization Vendor Lock-In: What if we want to switch payment processor? Performance Challenge: Operational tokenization (SLAs) Customer 2: Desired single vendor to provide data protection including tokenization Combined use of tokenization and encryption Looking to expand tokens beyond CCN to PII Customer 3: Reduce compliance cost. 50 million Credit Cards, 700 million daily transactions Performance Challenge: Initial tokenization End-to-End Tokens: Started with the EDW and expanding to stores 41
42 Case Study Large Chain Store By segmenting cardholder data with tokenization, a regional chain of 1,500 local convenience stores is reducing its PCI audit from seven to three months We planned on 30 days to tokenize our 30 million card numbers. With Protegrity Tokenization the whole process took about 90 minutes Qualified Security Assessors had no issues with the effective segmentation provided by Tokenization With encryption, implementations can spawn dozens of questions There were no such challenges with tokenization 42
43 Case Study Large Chain Store Faster PCI audit Half that time Lower maintenance cost Do not have to apply all 12 requirements of PCI DSS to every system Better security Ability to eliminate several business processes such as generating daily reports for data requests and access Strong performance Rapid processing rate for initial tokenization Sub-second transaction SLA 43
44 Protegrity in the ETL Process Sources Transformation Targets SQL Server DB2 AS/400 Mainframe ETL Platform Informatica Data Stage Cleansing Integration Transformation Teradata Load Processes Teradata EDW Protegrity Policy Role Based Access Control Original Value No Access Token Mask Hash Test Data Oracle 44
45 Protegrity Data Security Platform in Action Secure Collection POS e-commerce Branch Secure Distribution Policy Audit Log Tokenization Database Protector Security Administrator Application Protector File System Protector 45
46 Why Protegrity? Protegrity s Tokenization allows compliance across: PCI PII PHI Innovative: Pushing data protection with industry leading innovation such as out patented database protection system and the Protegrity Tokenization Proven: Proven platform currently protects the worlds largest companies Experienced: Experienced staff will be there with support along the way to complete data protection 46
47 Q&A Contacts: Protegrity: Teradata:
48 Thank you! Data Breaches Gone Mad Learn how to Secure your Data Warehouse Straight Away!
Securing Data Today. Ulf Mattsson CTO Protegrity ulf.mattsson [at] protegrity.com
Securing Data Today and in the Future Ulf Mattsson CTO Protegrity ulf.mattsson [at] protegrity.com Ulf Mattsson 20 years with IBM Development & Global Services Inventor of 22 patents Encryption and Tokenization
More informationProtegrity Tokenization
Securing Sensitive Data for PCI, HIPAA and Other Data Security Initiatives 2011 Edition Who should read it System architects, security experts, and other IT professionals who are looking to use tokenization
More informationMyths & Realities of Data Security & Compliance: The Risk-based Data. Ulf Mattsson, CTO, Protegrity
Myths & Realities of Data Security & Compliance: The Risk-based Data Protection Solution Ulf Mattsson, CTO, Protegrity Ulf Mattsson 20 years with IBM Development, Manufacturing & Services Inventor of 21
More informationMyths and Realities of Data Security and Compliance: Ulf Mattsson, CTO, Protegrity
Myths and Realities of Data Security and Compliance: The Risk-based Data Protection Solution Ulf Mattsson, CTO, Protegrity Ulf Mattsson 20 years with IBM Development, Manufacturing & Services Inventor
More informationProtegrity Data Security Platform
Protegrity Data Security Platform The Protegrity Data Security Platform design is based on a hub and spoke deployment architecture. The Enterprise Security Administrator (ESA) enables the authorized Security
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationData-Centric security and HP NonStop-centric ecosystems. Andrew Price, XYPRO Technology Corporation Mark Bower, Voltage Security
Title Data-Centric security and HP NonStop-centric ecosystems A breakthrough strategy for neutralizing sensitive data against advanced threats and attacks Andrew Price, XYPRO Technology Corporation Mark
More informationDatabase Security Solutions in Cloud and Outsourced Environments
Database Security Solutions in Cloud and Outsourced Environments Ulf Mat t sson TCO Prot egri t y ul f. mat t sson AT prot egri t y. com Ulf Mattsson 20 years with IBM Development & Global Services Inventor
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More information2012 Data Breach Investigations Report
2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud - Practical advice for cloud data security Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance
More informationFighting Today s Cybercrime
SECURELY ENABLING BUSINESS Fighting Today s Cybercrime Ongoing PCI Compliance Using Data-Centric Security Technologies HOUSEKEEPING ITEMS All phone lines have been muted for the duration of the webinar.
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationJosiah Wilkinson Internal Security Assessor. Nationwide
Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges
More informationAccelerating PCI Compliance
Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016
More informationThe SMB Cyber Security Survival Guide
The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationDevice Hardening, Vulnerability Remediation and Mitigation for Security Compliance
Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies
More informationThe Relationship Between PCI, Encryption and Tokenization: What you need to know
October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationData-Centric Security vs. Database-Level Security
TECHNICAL BRIEF Data-Centric Security vs. Database-Level Security Contrasting Voltage SecureData to solutions such as Oracle Advanced Security Transparent Data Encryption Introduction This document provides
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationData-centric Security for HP NonStop and Enterprise-wide Environments
Data-centric Security for HP NonStop and Enterprise-wide Environments Ernie Tarbox, Voltage Security 2014 Voltage Security, Inc. All Rights Reserved 1 Title Agenda Part 1 this morning Common challenges
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationAdobe Systems Software Ireland Ltd
Adobe Systems Software Ireland Ltd Own motion investigation report 13/00007 Timothy Pilgrim, Australian Privacy Commissioner Contents Overview... 2 Background... 3 Relevant provisions of the Privacy Act...
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationHow To Reduce Pci Dss Scope
WHITE PAPER Intel Expressway Tokenization Broker PCI DSS Reducing PCI DSS Scope: The Gateway Approach Challenge: Payment applications that handle credit card numbers pull connected systems into PCI DSS
More informationData Security as a Business Enabler Not a Ball & Chain. Big Data Everywhere May 12, 2015
Data Security as a Business Enabler Not a Ball & Chain Big Data Everywhere May 12, 2015 Les McMonagle Protegrity - Director Data Security Solutions Les has over twenty years experience in information security.
More informationImplementation Guide
Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein
More informationEnd-to-end Encryption for E-Commerce Payments using Voltage SecureData Web
Technical Brief using Voltage SecureData Web Introduction Today, merchants accepting card-not-present payments on the web are concerned about three major issues affecting their business with respect to
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationWhy Add Data Masking to Your IBM DB2 Application Environment
Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise
More informationPractical Advice for Cloud Data Protection
Practical Advice for Cloud Data Protection Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance (CSA) PCI Security Standards Council Cloud & Virtualization
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationHow To Secure An Extended Enterprise
Data Security Initiatives The Layered Approach Melissa Perisce Regional Director, Global Services, South Asia April 25, 2010 2009 Verizon. All Rights Reserved. PTEXXXXX XX/09 Intel Case Study Asia North
More informationPCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS
PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS CIVICA Conference 22 January 2015 WELCOME AND AGENDA Change is here! PCI-DSS 3.0 is mandatory starting January 1, 2015 Goals of the session
More informationVoltage Secure Commerce
SOLUTION BRIEF Voltage Secure Commerce PROTECT SENSITIVE DATA FROM BROWSER TO BACK-OFFICE Safely Enable Mobile and E-commerce Channels while Simplifying PCI Compliance If your business runs credit card
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationWHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationPCI Compliance Top 10 Questions and Answers
Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs
More informationThoughts on PCI DSS 3.0. September, 2014
Thoughts on PCI DSS 3.0 September, 2014 Speaker Today Jeff Sanchez is a Managing Director in Protiviti s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen s Technology
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationSECURE YOUR DATA EXCHANGE WITH SAFE-T BOX
SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationRSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief
RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationThe PCI Security Standards Council. Bob Russo June 2011
The PCI Security Standards Council Bob Russo June 2011 What are the threats to card data? How can you defend your card data? What is the Council doing to help you? What tools are available to get you secure?
More informationMITIGATING LARGE MERCHANT DATA BREACHES
MITIGATING LARGE MERCHANT DATA BREACHES Tia D. Ilori Ed Verdurmen January 2014 1 DISCLAIMER The information or recommendations contained herein are provided "AS IS" and intended for informational purposes
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationPCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com
PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationPayment Transactions Security & Enforcement
Payment Transactions Security & Enforcement A REPORT FROM NEWNET COMMUNICATION TECHNOLOGIES, LLC Copyright NewNet Communication Technologies, LLC. 700 East Butterfield Road, Suite 350, Lombard, IL 60148
More informationEncryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013
Encryption and Tokenization: Protecting Customer Data Your Payments Universally Amplified Tia D. Ilori Sue Zloth September 18, 2013 Agenda Global Threat Landscape Real Cost of a Data Breach Evolution of
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationCloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting
Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting I wandered lonely as a cloud... The academic, globe-trotting years: 1992 1993: Parallel software for PET scanner images in Geneva
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationCyberSource Payment Security. with PCI DSS Tokenization Guidelines
CyberSource Payment Security Compliance The PCI Security Standards Council has published guidelines on tokenization, providing all merchants who store, process, or transmit cardholder data with guidance
More informationPayment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS
The PCI Security Standards Council http://www.pcisecuritystandards.org The OWASP Foundation http://www.owasp.org Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS Omar F. Khandaker,
More informationBreach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security
Breach Findings for Large Merchants 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Disclaimer The information or recommendations contained herein are
More informationVoltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review
Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Prepared for: Coalfire Systems, Inc. March 2, 2012 Table of Contents EXECUTIVE SUMMARY... 3 DETAILED PROJECT OVERVIEW...
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationSecurity. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities
One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationLas Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
More informationPresentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.
Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact
More informationPayment Card Industry Data Security Standard PCI-DSS #SA7D, Platform Database, Tuning & Security
Payment Card Industry Data Security Standard PCI-DSS #SA7D, Platform Database, Tuning & Security John Mason Slides & Code - labs.fusionlink.com Blog - www.codfusion.com What is PCI-DSS? Created by the
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationProtecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance
Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationRetour d'expérience PCI DSS
Retour d'expérience PCI DSS Frédéric Charpentier OSSIR : Retour d'expérience PCI DSS - 1 XMCO PARTNERS : Who are we? Xmco Partners is a consulting company specialized in IT security and advisory Xmco Partners
More informationProviding Secure Representative Data Sets
Test Data Protection Providing Secure Representative Data Sets By Dr. Ron Indeck VelociData Inc. - www.velocidata.com World Headquarters 321 North Clark Street, Suite 740 Chicago, IL 60654 Telephone: 312-600-4422
More informationPCI Data Security Standards
PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million
More informationData Security for the Hospitality
M&T Bank and SecurityMetrics Present: Data Security for the Hospitality Industry Featuring Lee Pierce, SecurityMetricsStrategicStrategic Accounts Dave Ellis, SecurityMetrics Forensic Investigator Doug
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationAchieving PCI DSS 2.0 Compliance with Voltage Security
WHITE PAPER Achieving PCI DSS 2.0 Compliance with Security Introduction The Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 1 dictates that organizations processing and storing credit card
More informationWHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More information