SlideShare une entreprise Scribd logo
1  sur  48
Télécharger pour lire hors ligne
Skeletal Elements of your Organization’s  IT Systems Deter, Detect and Defend Against  Data Breaches Information Security Program  &  Payment Card Industry Data Security (PCI DSS) Compliance for Your Business
Security and Compliance Not Synonymous   ,[object Object],[object Object]
77 Million Users 10 Million Credit Card Compromised Accounts   Losses ??? Millions of Names and Email Addresses of over 2,500 Major Companies   Consequences??
94 Million Compromised Accounts   83 Million Dollars in Losses 4 Million Compromised Accounts   100’s of Compromised Accounts   50,000+ Credit Card Transactions  Processed Yearly 20,000+ Credit Cards Numbers
The High Cost of Data Breaches Average Cost Per Record Breached  $204 Average Cost Per Breach  $6.75 million Range of Total Cost Per Breach $750,000 to almost $31 million Source: Ponemon Institute, Fourth Annual Cost of Data Breach Study, January 2009
Essentials Elements of a Successful Information Technology Security Program
COBIT Standards Risk Assessment  ,[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Management Benefits
[object Object],[object Object],[object Object],Auditors Benefits
[object Object],[object Object],End Users Benefits
COBIT's Four Domains ,[object Object],[object Object],[object Object],[object Object]
Plan and Organize ,[object Object],[object Object]
Control Objectives for the  Planning & Organization Domain PO1 Define a Strategic IT Plan PO2 Define the Information Architecture PO3 Determine Technological Direction PO4 Define the IT Processes, Organization & Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims & Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage IT Risks PO10 Manage Projects
Acquire and Implement ,[object Object],[object Object]
Control Objectives for the  Acquire & Implement Domain AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes
Delivery and Support ,[object Object],[object Object],[object Object]
Control Objectives for the  Delivery & Support Domain DS1 Define and Manage Service Levels DS2 Manage Third-party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations
Monitor and Evaulate ,[object Object],[object Object]
Control Objectives for the  Monitor & Evaluate Domain ME1 Monitor and Evaluate IT Processes ME2 Monitor and Evaluate Internal Control ME3 Ensure Regulatory Compliance ME4 Provide IT Governance
Further Information: Information Systems  Audit and Control Association (ISACA) http://www.isaca.org
Annual Security Reporting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Information Security Policy  ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Safeguarding  Customer Information Policy  ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Access Control Policy  ,[object Object],[object Object],[object Object],[object Object],[object Object]
Data Classification, Retention and Disposal Policy   ,[object Object],[object Object],[object Object]
Intrusion Response Plan   ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Unauthorized Access to Customer Information Plan
Additional Items ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Further Information & Sample Polices/Guidelines: Systems And Network Security http://www.sans.org National Institute of Standards and Technology (NIST) www.nist.gov
Payment Card Industry Data Security (PCI DSS) Compliance for Your Business
A Security Breach and Subsequent Compromise of Cardholder Data could have far-reaching  Consequences  for Your Business including: ,[object Object],[object Object],[object Object],[object Object],[object Object]
Compliant Organizations Experience Fewer Breaches ,[object Object],[object Object]
We all can help to  Deter, Detect and Defend  against ID Theft with these 5 easy steps: Take Stock  –  Know Where the Info Is Scale Down  –  Keep Only What is Needed Lock It  –  Protect the Info We Do Keep Pitch It   – Properly Dispose of What We Don’t Plan Ahead   – Create a Plan to Response to a Breach
does not manage compliance programs and does not impose any consequences for non-compliance.   may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
The Road to  PCI DSS Compliance   is dependent on the   Merchant Level  &  Self Assessment Questionnaire  (SAQ)  Validation Types
Merchant Levels  based on  Credit Card Transactions Processed ,[object Object],[object Object],[object Object],[object Object]
Self Assessment Questionnaire (SAQ) Validation Types
SAQ A  ,[object Object],[object Object],[object Object],[object Object]
SAQ B ,[object Object],[object Object],[object Object],[object Object]
SAQ C-VT ,[object Object],[object Object],[object Object]
SAQ C ,[object Object],[object Object],[object Object]
SAQ D ,[object Object],[object Object],[object Object]
Maintain Information  Security Policy Requirement 12 SAQ A,B,C,D Regularly  Test Security  Systems/Processes Requirement 11 SAQ C,D   Track & Monitor  Access to Network  Resources & CHD Requirement 10 SAQ C,D   Restrict Physical  Access to CHD Requirement  9 SAQ A,B,C,D Assign Unique ID  for each person w/ computer access  to CHD Requirement  8  SAQ C,D   Restrict CHD Access to  Business Need-to-Know Requirement  7 SAQ B,C,D Develop & Maintain  Secure Systems/Applications Requirement  6 SAQ C,D Use & Regularly Update  Anti-Virus Software Requirement 5 SAQ C,D Encrypt Transmission  of CHD across Public Networks Requirement 4 SAQ B,C,D Protect Stored CHD  Requirement 3 SAQ B,C,D Change All Defaults  Passwords  & Security Parameters Requirement 2 SAQ C,D   Install & Maintain  Firewall Configuration  to protect CHD Requirement 1  SAQ C,D Security Requirements for  PCI DSS Compliance
Prioritized Approach to Pursue PCI DSS Compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Prioritized Approach to Pursue PCI DSS Compliance Tool https://www.pcisecuritystandards.org/documents/Prioritized_Approach_PCI_DSS_version1_2.xls
PCI Compliance in its simplest form is;  if you don’t need the cardholder data - then don’t store it, if you store it, you must protect it.
Further Information on ,[object Object],[object Object],[object Object],[object Object]
Questions??

Contenu connexe

Tendances

Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Critical Security And Compliance Issues In Internet Banking
Critical Security And Compliance Issues In Internet BankingCritical Security And Compliance Issues In Internet Banking
Critical Security And Compliance Issues In Internet BankingThomas Donofrio
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate PresentationInvestorSymantec
 
IS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaIS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaiFour Consultancy
 
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECVendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECControlCase
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionBharath Rao
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
The 21 CFR Part 11 Compliance Checklist for Digital Applications
The 21 CFR Part 11 Compliance Checklist for Digital ApplicationsThe 21 CFR Part 11 Compliance Checklist for Digital Applications
The 21 CFR Part 11 Compliance Checklist for Digital ApplicationsEMMAIntl
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Managementicomply
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCorporater
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Linda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez
 

Tendances (20)

Information System audit
Information System auditInformation System audit
Information System audit
 
Critical Security And Compliance Issues In Internet Banking
Critical Security And Compliance Issues In Internet BankingCritical Security And Compliance Issues In Internet Banking
Critical Security And Compliance Issues In Internet Banking
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
 
Internal controls in an IT environment
Internal controls in an IT environment Internal controls in an IT environment
Internal controls in an IT environment
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
 
IS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaIS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in india
 
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECVendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
 
The 21 CFR Part 11 Compliance Checklist for Digital Applications
The 21 CFR Part 11 Compliance Checklist for Digital ApplicationsThe 21 CFR Part 11 Compliance Checklist for Digital Applications
The 21 CFR Part 11 Compliance Checklist for Digital Applications
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Management
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance Solutions
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Linda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT Security
 

Similaire à Info Security & PCI(original)

gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceBill Lisse
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner   avoiding audit fatigue in nine steps 1d2010 06 gartner   avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Processkadhar_masthan
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811faau09
 
Information Systems Audit-Related Designations
Information Systems Audit-Related DesignationsInformation Systems Audit-Related Designations
Information Systems Audit-Related DesignationsMichael Lin
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
Automating Policy Compliance and IT Governance
Automating Policy Compliance and IT GovernanceAutomating Policy Compliance and IT Governance
Automating Policy Compliance and IT GovernanceSasha Nunke
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsChristopher Foot
 
Thierry Brunet - IT best practices & frameworks overview
Thierry Brunet -  IT best practices & frameworks overviewThierry Brunet -  IT best practices & frameworks overview
Thierry Brunet - IT best practices & frameworks overviewThierry Brunet
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITShivamSharma909
 
Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811faau09
 
Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007David Cunningham
 

Similaire à Info Security & PCI(original) (20)

gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner   avoiding audit fatigue in nine steps 1d2010 06 gartner   avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1d
 
A Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And ManagementA Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And Management
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Process
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811
 
It Governance Methodology Cox
It Governance Methodology CoxIt Governance Methodology Cox
It Governance Methodology Cox
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
Information Systems Audit-Related Designations
Information Systems Audit-Related DesignationsInformation Systems Audit-Related Designations
Information Systems Audit-Related Designations
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013
 
Automating Policy Compliance and IT Governance
Automating Policy Compliance and IT GovernanceAutomating Policy Compliance and IT Governance
Automating Policy Compliance and IT Governance
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance Projects
 
Thierry Brunet - IT best practices & frameworks overview
Thierry Brunet -  IT best practices & frameworks overviewThierry Brunet -  IT best practices & frameworks overview
Thierry Brunet - IT best practices & frameworks overview
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of IT
 
Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811Marcos gobernabilidad-sin-mapa-v040811
Marcos gobernabilidad-sin-mapa-v040811
 
David Whitaker: Managing Your Vendors
David Whitaker: Managing Your VendorsDavid Whitaker: Managing Your Vendors
David Whitaker: Managing Your Vendors
 
Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007
 

Dernier

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 

Dernier (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 

Info Security & PCI(original)

  • 1. Skeletal Elements of your Organization’s IT Systems Deter, Detect and Defend Against Data Breaches Information Security Program & Payment Card Industry Data Security (PCI DSS) Compliance for Your Business
  • 2.
  • 3. 77 Million Users 10 Million Credit Card Compromised Accounts Losses ??? Millions of Names and Email Addresses of over 2,500 Major Companies Consequences??
  • 4. 94 Million Compromised Accounts 83 Million Dollars in Losses 4 Million Compromised Accounts 100’s of Compromised Accounts 50,000+ Credit Card Transactions Processed Yearly 20,000+ Credit Cards Numbers
  • 5. The High Cost of Data Breaches Average Cost Per Record Breached $204 Average Cost Per Breach $6.75 million Range of Total Cost Per Breach $750,000 to almost $31 million Source: Ponemon Institute, Fourth Annual Cost of Data Breach Study, January 2009
  • 6. Essentials Elements of a Successful Information Technology Security Program
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. Control Objectives for the Planning & Organization Domain PO1 Define a Strategic IT Plan PO2 Define the Information Architecture PO3 Determine Technological Direction PO4 Define the IT Processes, Organization & Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims & Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage IT Risks PO10 Manage Projects
  • 14.
  • 15. Control Objectives for the Acquire & Implement Domain AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes
  • 16.
  • 17. Control Objectives for the Delivery & Support Domain DS1 Define and Manage Service Levels DS2 Manage Third-party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations
  • 18.
  • 19. Control Objectives for the Monitor & Evaluate Domain ME1 Monitor and Evaluate IT Processes ME2 Monitor and Evaluate Internal Control ME3 Ensure Regulatory Compliance ME4 Provide IT Governance
  • 20. Further Information: Information Systems Audit and Control Association (ISACA) http://www.isaca.org
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. Further Information & Sample Polices/Guidelines: Systems And Network Security http://www.sans.org National Institute of Standards and Technology (NIST) www.nist.gov
  • 30. Payment Card Industry Data Security (PCI DSS) Compliance for Your Business
  • 31.
  • 32.
  • 33. We all can help to Deter, Detect and Defend against ID Theft with these 5 easy steps: Take Stock – Know Where the Info Is Scale Down – Keep Only What is Needed Lock It – Protect the Info We Do Keep Pitch It – Properly Dispose of What We Don’t Plan Ahead – Create a Plan to Response to a Breach
  • 34. does not manage compliance programs and does not impose any consequences for non-compliance. may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
  • 35. The Road to PCI DSS Compliance is dependent on the Merchant Level & Self Assessment Questionnaire (SAQ) Validation Types
  • 36.
  • 37. Self Assessment Questionnaire (SAQ) Validation Types
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43. Maintain Information Security Policy Requirement 12 SAQ A,B,C,D Regularly Test Security Systems/Processes Requirement 11 SAQ C,D Track & Monitor Access to Network Resources & CHD Requirement 10 SAQ C,D Restrict Physical Access to CHD Requirement 9 SAQ A,B,C,D Assign Unique ID for each person w/ computer access to CHD Requirement 8 SAQ C,D Restrict CHD Access to Business Need-to-Know Requirement 7 SAQ B,C,D Develop & Maintain Secure Systems/Applications Requirement 6 SAQ C,D Use & Regularly Update Anti-Virus Software Requirement 5 SAQ C,D Encrypt Transmission of CHD across Public Networks Requirement 4 SAQ B,C,D Protect Stored CHD Requirement 3 SAQ B,C,D Change All Defaults Passwords & Security Parameters Requirement 2 SAQ C,D Install & Maintain Firewall Configuration to protect CHD Requirement 1 SAQ C,D Security Requirements for PCI DSS Compliance
  • 44.
  • 45. Prioritized Approach to Pursue PCI DSS Compliance Tool https://www.pcisecuritystandards.org/documents/Prioritized_Approach_PCI_DSS_version1_2.xls
  • 46. PCI Compliance in its simplest form is; if you don’t need the cardholder data - then don’t store it, if you store it, you must protect it.
  • 47.