BRAND-NAME is What COUNTS!!!


USE PCI-DSS and make a name for your business
Amit Jain, Lead Solution Architect, Aug 2015

WHO WE ARE
Company facts and figures:
- ESTABLISHED 1995
- TRUSTED BY MORE THAN 3 MILLION BUSINESSES: selected by more enterprises for compliance, chosen more often than the next 10 service providers combined
- GROWING: MORE THAN 1,300 EMPLOYEES
- GLOBAL: CUSTOMERS IN 96 COUNTRIES
- INNOVATING: MORE THAN 50 PATENTS AND COUNTING (30+ patents granted, 20+ patents pending)
- Global Threat Database feeds technologies and services with threat intelligence
- Industry's most holistic portfolio of security technologies, delivered through TrustKeeper

Introduction to PCI-DSS

PCI BASICS

PCI DSS Defined: The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to protect cardholder data. It applies to ALL merchants, service providers, systems, networks and applications that process, store and/or transmit card numbers.

PCI Data Security Standard, high-level overview (number of requirements under each goal in parentheses):
- Build and Maintain a Secure Network and Systems (2)
- Protect Cardholder Data (2)
- Maintain a Vulnerability Management Program (2)
- Implement Strong Access Control Measures (3)
- Regularly Monitor and Test Networks (2)
- Maintain an Information Security Policy (1)

PCI DSS COMPLIANCE

Sound business practice:
- Fundamental best security practices
- Avoids fraud
- Helps you understand your own systems better
- Clarifies where data is stored

Upholds brand name:
- Adds value to the name
- Increases consumer confidence

A non-compliant, compromised business could expect:
- Damage to its brand/reputation
- Investigation costs
- Remediation costs
- Fines and fees

Requirements for HOSTING PROVIDERS

Requirement No. 9: Restrict physical access to cardholder data
- Implement facility entry controls to limit and monitor physical access to systems and data: video cameras (3 months retention); restrict physical access to public network jacks, wireless APs, etc.
- Visitor controls: distinguish between employees and visitors (visitor and employee badges); data centre visitor log
- Physically secure all paper and electronic media that contain cardholder information: backup media in a safe or secure room; restrict access to hardcopy media; clean desk policy
- Maintain, control and audit all movement of media containing cardholder data (paper and electronic)
- Secure media destruction (cross-cut shred, degauss, etc.)

Requirement No. 12: Maintain a policy that addresses information security
- Formalise, maintain and publish an Information Security Policy
- Formalise operational security procedures
- Develop acceptable usage policies for remote access systems
- Ensure information security responsibilities are clearly defined and assigned
- Security awareness programme
- HR screening policies and procedures
- Contractual obligations for 3rd parties
- Incident response plan

PEN TEST REQUIREMENT (compliance point of view)

Penetration testing definitions tightened:
- Pen testing must adhere to an industry methodology and/or standard (NIST given as an example)
- Qualified personnel perform the test, either independent within the organization or from an external body
- Includes a review of threats and vulnerabilities experienced in the past
- Includes testing of the CDE perimeter

Vulnerability Scanning Requirement

Compliance:
- Is a critical component of maintaining PCI-DSS status over the course of the year
- Used by assessors and auditors to regularly validate PCI DSS

Security:
- Provides a hacker's insight into network assets, both inside and outside the firewall
- Regular scanning and reporting documents vulnerabilities, assigns risk and verifies remediation through patching, reducing the number and severity of vulnerabilities

Why Trustwave?
- Every PCI assessment requires the use of an ASV (Approved Scanning Vendor).
- Every PCI assessment requires internal/external vulnerability scans to be performed.
- Every PCI assessment requires a pen test to be performed.
- Every PCI assessment for Level 1 Service Providers requires onsite validation.
- Every PCI assessment for Level 1 Service Providers requires policies and procedures to be properly documented in the Report on Compliance.

Trustwave provides a complete spectrum of PCI services and solutions that help a customer achieve compliance and, more importantly, maintain that status going forward. We help customers make COMPLIANCE a BUSINESS AS USUAL activity.

PCI Compliance Credentials (QSA since 2001):
- Visa CISP (2001)
- MasterCard SDP (2003)
- Discover DISC (2004)
- AMEX (2006)
- ASV (2003)
- PA QSA (2005)
- PFI (2005)
- P2PE (2012)

UNDISPUTED LEADERS IN PCI-DSS: who do customers trust to assess and validate their compliance? (Source: Visa Registry of Global Service Providers, Jan 2013)

THANK YOU.