PCI DSS Security and Compliance Taking on the Worl


Published on October 27, 2009

Author: AustralianComputerSo

Source: authorstream.com

Shearwater Solutions: Protecting your Information Assets. ACS Security SIG, Stephan Overbeek, 27 October 2009
Agenda
Securing credit card transactions
PCI DSS – History: Visa / Mastercard, AIS, CISP, SDP, PCI
Purpose of PCI = Protect cardholder data
Payments – Stakeholders and parties: Merchant, Customer, Acquiring bank, Issuing bank, Various other parties
Stakeholders
Applicability of PCI DSS: Merchant, Customer, Acquiring bank, Issuing bank, Various other parties, Service providers
Credit card lifecycle: Processing, Capture, Storage, Cardholder data, Disposal, Transmit, Customer, Merchant, Acquirer
PCI-SSC website
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
Minimising storage and protecting stored data
PCI SSC – Three standards: MANUFACTURERS PCI PTS Payment Transaction Security
Complying with PCI DSS: PCI’s twelve requirements
Complying with PCI DSS – example: Complying with PCI DSS So organisations need to comply with 211 requirements And auditors need to conduct 261 testing procedures
Validation requirements: Complying with PCI DSS – example
Validation requirements
Validation versus Compliance: Validation requirements At all times, you need to comply with all 211 requirements in PCI DSS!
Determining level (for merchants, example): Validation versus Compliance
What if you do not validate compliance?: Determining level (for merchants, example)
What if you do not validate compliance?
What if you do not validate compliance?: Complying with PCI DSS
PCI remediation and compliance – Three phases: PCI pre-review assessment, Remediation, PCI on-site review by QSA
PCI remediation and compliance – Three phases: Remediation models
Remediation models: Remediation for PCI DSS: Shearwater’s Layered Remediation Model
Remediation for PCI DSS: Shearwater’s Layered Remediation Model: Physical security Systems security Network security Storage security Application security Management Documentation Layered design Identity and access management
Layered design: Physical security Layered design Identity and access management
Layered design: Physical security Implementation – step 1 Identity and access management
Implementation – step 1: Physical security Implementation – step 2 Identity and access management
Implementation – step 2: Physical security Implementation – step 3 Identity and access management
Implementation – step 3: PCI SSC’s Prioritised Approach
PCI SSC’s Prioritised Approach: Prioritised Approach
Prioritised Approach: PCI DSS for increased security
PCI DSS for increased security
PCI DSS for increased security: Alternatives for PCI DSS
Alternatives for PCI DSS: Total PCI offering PCI auditing services PCI consulting services Network security scan (Shearwater is not an ASV) On-site review (QSA) SAQ assistance Network vulnerability scanning Network penetration testing Pre-review assessment Remediation Security design Forensics
Contact details
