Compliance-driven Security Requirements
Warsaw, 12 Oct 2010 (10-10-13 [email_address])
Bengt Berg, M.Sc, CISM, CISSP, QSA, ...
Head of Compliance Management Services, Cybercom Sweden East AB
So... Who's Talking?
External Compliance Requirements
- Sarbanes-Oxley Act
- ISO/IEC 27001:2006
- CE certification
- FDA/Part 11
- Basel 3
- Public Sector Procurement Laws
- ISO 14001
- PCI DSS, Payment Card Industry Data Security Standard
How PCI DSS has Transformed the Payment Security Area
PCI DSS (diagram of roles): Brands, Bank, PSP, Merchant, Solution vendor, Service provider, PA-QSA, PTS, PFI, QSA, ASV
But What are These Requirements?
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
- Requirement 12: Maintain a policy that addresses information security
Initial Backlashes
Response From Product Suppliers and Consultancy Companies
What Results Have Been Achieved?
Investments in IS/IT Security
(Diagram of roles: Brands, Bank, PSP, Merchant, Solution vendor, Service provider, QSA, ASV)
Emerging Methods for Managing External Compliance Requirements
Emerging methods
Portal Solutions for Compliance Management
Use of Issue Management Systems
27 workflows necessary to implement ISO 27001
(Incident workflow diagram: Report Incident, Incident response team, Web team, Network team, H/R, Closed Incidents, CISO)
All Documentation in Wiki format
Trend-oriented tests
Conclusions
- New compliance-oriented business models
- Will always benefit the outsourcing providers
- The leader gets a competitive advantage
- Rational methods decrease investment
- Success depends on the governance framework
- Nobody wants to be a problem for their customer

Speaker notes

  1. So, I was not going to talk about industries in which one has to work with IT security.
  2. It is free to impose requirements on others. An ever larger share of security investments goes to handling other people's requirements, not one's own. There is always a structure/organisation/follow-up behind these requirements. If there is none, they can be ignored.
  3. Point out that this is not a wiki where anyone can edit.
  4. Point out that this is not a wiki where anyone can edit.