Linked Data in Production: Moving Beyond Ontologies
Info Security & PCI (original)
1. Skeletal Elements of your Organization’s IT Systems
   Deter, Detect and Defend Against Data Breaches
   Information Security Program & Payment Card Industry Data Security (PCI DSS) Compliance for Your Business
3. 77 Million Users
   10 Million Compromised Credit Card Accounts
   Losses ???
   Millions of Names and Email Addresses of over 2,500 Major Companies
   Consequences??
4. 94 Million Compromised Accounts
   83 Million Dollars in Losses
   4 Million Compromised Accounts
   100’s of Compromised Accounts
   50,000+ Credit Card Transactions Processed Yearly
   20,000+ Credit Card Numbers
5. The High Cost of Data Breaches
   Average Cost Per Record Breached: $204
   Average Cost Per Breach: $6.75 million
   Range of Total Cost Per Breach: $750,000 to almost $31 million
   Source: Ponemon Institute, Fourth Annual Cost of Data Breach Study, January 2009
13. Control Objectives for the Planning & Organization Domain
   PO1  Define a Strategic IT Plan
   PO2  Define the Information Architecture
   PO3  Determine Technological Direction
   PO4  Define the IT Processes, Organization & Relationships
   PO5  Manage the IT Investment
   PO6  Communicate Management Aims & Direction
   PO7  Manage IT Human Resources
   PO8  Manage Quality
   PO9  Assess and Manage IT Risks
   PO10 Manage Projects
15. Control Objectives for the Acquire & Implement Domain
   AI1 Identify Automated Solutions
   AI2 Acquire and Maintain Application Software
   AI3 Acquire and Maintain Technology Infrastructure
   AI4 Enable Operation and Use
   AI5 Procure IT Resources
   AI6 Manage Changes
   AI7 Install and Accredit Solutions and Changes
17. Control Objectives for the Delivery & Support Domain
   DS1  Define and Manage Service Levels
   DS2  Manage Third-party Services
   DS3  Manage Performance and Capacity
   DS4  Ensure Continuous Service
   DS5  Ensure Systems Security
   DS6  Identify and Allocate Costs
   DS7  Educate and Train Users
   DS8  Manage Service Desk and Incidents
   DS9  Manage the Configuration
   DS10 Manage Problems
   DS11 Manage Data
   DS12 Manage the Physical Environment
   DS13 Manage Operations
19. Control Objectives for the Monitor & Evaluate Domain
   ME1 Monitor and Evaluate IT Processes
   ME2 Monitor and Evaluate Internal Control
   ME3 Ensure Regulatory Compliance
   ME4 Provide IT Governance
29. Further Information & Sample Policies/Guidelines:
   Systems And Network Security http://www.sans.org
   National Institute of Standards and Technology (NIST) www.nist.gov
33. We all can help to Deter, Detect and Defend against ID Theft with these 5 easy steps:
   Take Stock – Know Where the Info Is
   Scale Down – Keep Only What is Needed
   Lock It – Protect the Info We Do Keep
   Pitch It – Properly Dispose of What We Don’t
   Plan Ahead – Create a Plan to Respond to a Breach
34. does not manage compliance programs and does not impose any consequences for non-compliance.
   may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
35. The Road to PCI DSS Compliance depends on the Merchant Level & Self-Assessment Questionnaire (SAQ) Validation Types