PCI: A Valuable Security Framework, Not a Punishment

IT Security and Configuration Assessment & Change Auditing Automation
Compliance Solutions

VISIBILITY  INTELLIGENCE  AUTOMATION
Today’s Speakers

John Kindervag, Senior Analyst, Forrester Research
Cindy Valladares, PCI Solutions Manager, Tripwire

IT SECURITY and COMPLIANCE AUTOMATION              2                Don’t Take Chances. TAKE CONTROL.
PCI Unleashed: Embracing PCI As A Next-Generation Security Architecture
John Kindervag, Senior Analyst, Forrester Research

Key Components of PCI

1 PCI is here to stay.
2 PCI incentivizes security.
3 Successful companies will derive value from PCI.

5   Entire contents © 2009 Forrester Research, Inc. All rights reserved.
PCI unleashed

"PCI feels like something that is being done to me and not something being done with me."
    — CISO, global company

Executive summary

• PCI is imposed on all businesses using credit cards in any way.
• It is the result of a long-term and systemic failure in corporate governance.
  – Willingness to accept poor internal data security practices
  – Profitability was more important than security.
• Corporations assumed that card brands took all the risk.
• PCI DSS was created to transfer some risk to merchants.

PCI misperceptions

• How can you be hacked if you are compliant?
• PCI is a never-ending process with complex requirements.
  – It requires day-to-day and hour-to-hour diligence to remain compliant.
  – The difficulty a company is having becoming PCI-compliant is a direct reflection of its overall approach to information security.
• The validation of compliance ≠ security.

The PCI troika

[Diagram: the three elements Security, Validation, and Compliance]

Compliance

• Compliance is the act of meeting the terms of the PCI DSS.
• Compliance assumes self-enforcement.
• It is not enforced by the card brands.
• Noncompliance is penalized by fines.
• Noncompliance is not an option.

Validation

• Merchants are assumed to be 100% PCI-compliant at all times.
• Different levels of merchants may require third-party validation (QSA assessment).
• Validation is like your dad checking up on you.
• Many companies that appear to be "PCI-compliant" have misrepresented their compliance.
• You will hear the term "compliance validation."

Security

• Security encompasses all elements of protecting your network and data from misuse.
• Security should be a given in any organization.
• Buzzword time!
• Your greatest "corporate social responsibility" is to protect your customer’s data.

Compliance does not equal security

• Compliance incentivizes security.
• Compliance is a stick and not a carrot.
• PCI has succeeded masterfully.
  – PCI has gotten the attention of the enterprise:
    • Fines and fees
    • Brand damage
    • Lawsuits

How can companies derive value from their PCI-compliance initiatives?

• There are several important ways that PCI provides value to in-scope companies:
  – PCI creates awareness for data-centric security.
  – PCI unlocks budgets for security.
  – PCI defines a set of tactical best practices for network and data security.
  – PCI is easily molded into an understandable and actionable security, risk, and compliance framework.
• Make PCI your security framework.

The open source of compliance

• Used by millions of companies, it:
  – Has been vetted.
  – Has established support communities.
  – Has a highly trained workforce.
  – Is easy to hire expertise around.
• Non-PCI companies are looking at PCI as a best-practices framework.

Compliance costs less than compromise

• Cost is a variable based on your beginning state of security.
• PCI reduces costs.
  – Prescriptive
  – Helps avoid costly breaches
  – Cost-effectively achieves SOX and other compliance requirements
• PCI is not a zero-sum game.

The cost of a breach

[Chart]

Source: April 10, 2007, "Calculating The Cost Of A Security Breach" Forrester report

TJX accrued expenses (10,000) — 2008

The pièce de résistance

• "Since discovering the computer intrusion, we have taken steps designed to strengthen the security of our computer systems and protocols and have instituted an ongoing program with respect to data security."

Compliance by cheerleading

"High-level frameworks have little value."
    — CISO, global company

A PCI framework has value

• Your company will need to become compliant with PCI anyway.
• Use your efforts to define your future security objectives.
• Leverage existing controls.
• Expand new PCI-related controls to other areas.
• PCI has never claimed to be perfect, bulletproof security.
• You can’t repeal PCI.

PCI unleashed framework

Key Takeaways

1 PCI is actionable.
2 PCI unlocks budgets.
3 PCI incentivizes good security and makes an excellent baseline framework.

Good security = free compliance

Increased Security through Constant Compliance

[Diagram: Compliance, Security, Control]

Tripwire VIA™
VISIBILITY  INTELLIGENCE  AUTOMATION
Cindy Valladares | Solutions Marketing

Agenda

Problem: Taking Too Long to Find Breaches/Risks

Breaches go undiscovered and uncontained for weeks or months in 75 % of cases. (2009)

Average time between a breach and the detection of it: 156 days [5.2 months]. (Feb. 2010)

"…breaches targeting stored data averaged 686 days [of exposure]" (2010)

"More than 75,000 computers … hacked" -- The attack began in late 2008 and was discovered last month. (Feb. 2010)

Result: The Time Delay Of Discovery Is Costly!

"Heartland Payment Systems announced today that it will pay Visa-branded credit and debit card issuers up to $60 million…"
    — Bank Info Security, Jan. 8, 2010

"The average cost per breach in 2009 was $6.7 million…"
    — Ponemon Institute, Jan. 25, 2010

Need: Close The Time Gap

[Timeline: Breach → Discovery, with the gap between them shrinking]

Need: Close The Time Gap
Many Compromising Problems Are Difficult To Discover

• Logging turned off
• FTP event to foreign IP
• New user added
• Login successful
• FTP enabled
• 10 failed logins
• DLL modified by new user

Just Detecting Change Is Not Enough…
Policy-Based Intelligence Is Required

Change events:
• Logging turned off
• New user added
• FTP enabled
• DLL modified by new user

Typical FIM cannot make these types of alerts. Change intelligence is required.

Just Detecting Log Events Is Not Enough…
Policy-Based Intelligence Is Required

Log events:
• FTP event to foreign IP
• Login successful
• 10 failed logins

Log management alone cannot alert on these events—SIEM is required.

Relating Change Events to Log Events…
Best Chance To Discover Compromising Problems Quickly

Events of interest:
• Logging turned off
• FTP event to foreign IP
• New user added
• Login successful
• FTP enabled
• 10 failed logins
• DLL modified by new user

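The correlation the slides describe, as an added example that is not Tripwire's or the presenters' code: a small policy engine that reads constructed change records (what a file-integrity/configuration monitor would emit) and constructed log lines (what a log manager would receive), then raises an alert only where a policy relates the events of interest listed above. The host names, timestamps, event vocabulary, the 15-minute window and the internal address ranges are all assumptions.

```python
"""Policy-based correlation of change events with log events (added example)."""
from __future__ import annotations
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)                          # assumed correlation window
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),    # assumed internal ranges;
                 ipaddress.ip_network("192.168.0.0/16")]  # anything else is "foreign"

# Constructed change events: "<timestamp> <host> <kind> key=value ...".
CHANGE_EVENTS = """\
2010-02-01T02:00:10 srv-pos1 audit_logging_disabled setting=Audit_Logon_Events
2010-02-01T02:01:30 srv-pos1 user_added user=svc_tmp
2010-02-01T02:03:05 srv-pos1 service_enabled service=ftp
2010-02-01T02:04:40 srv-pos1 file_modified path=C:/Windows/System32/crypt32.dll by=svc_tmp
2010-02-01T02:20:00 srv-db2 file_modified path=/etc/motd by=root
"""
# Constructed log events: "<timestamp> <host> <program> <kind> key=value ...";
# ten failed logins, a successful one, then an FTP transfer to a documentation-range address.
LOG_EVENTS = "\n".join(
    f"2010-02-01T01:58:{i:02d} srv-pos1 sshd login_failed user=admin src=10.0.0.5"
    for i in range(10)
) + """
2010-02-01T01:59:30 srv-pos1 sshd login_ok user=admin src=10.0.0.5
2010-02-01T02:05:10 srv-pos1 ftpd transfer dst=203.0.113.9 bytes=48213
"""


@dataclass
class Event:
    ts: datetime
    host: str
    source: str          # "change" (FIM) or "log" (log management)
    kind: str
    attrs: dict


@dataclass
class Alert:
    ts: datetime
    host: str
    rule: str


def parse(line: str, source: str) -> Event:
    fields = line.split()
    if source == "log":
        del fields[2]    # drop the syslog program name (sshd, ftpd) so kinds are uniform
    ts, host, kind, *kv = fields
    return Event(datetime.fromisoformat(ts), host, source, kind,
                 dict(p.split("=", 1) for p in kv))


def load_events() -> list[Event]:
    evs = [parse(line, "change") for line in CHANGE_EVENTS.splitlines() if line.strip()]
    evs += [parse(line, "log") for line in LOG_EVENTS.splitlines() if line.strip()]
    return sorted(evs, key=lambda e: e.ts)


def is_foreign(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events: list[Event]) -> list[Alert]:
    """Walk events in time order; each rule looks back at recent events on the same host."""
    alerts: list[Alert] = []
    history: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        recent = [p for p in history[e.host] if e.ts - p.ts <= WINDOW]
        # Rule 1 (change intelligence): turning audit logging off is never a routine change.
        if e.kind == "audit_logging_disabled":
            alerts.append(Alert(e.ts, e.host, "audit_logging_disabled"))
        # Rule 2 (change + change): a DLL modified by an account created within the window.
        if e.kind == "file_modified" and e.attrs["path"].lower().endswith(".dll"):
            if any(p.kind == "user_added" and p.attrs["user"] == e.attrs.get("by")
                   for p in recent):
                alerts.append(Alert(e.ts, e.host, "dll_modified_by_new_user"))
        # Rule 3 (log + log, SIEM-style): ten or more failed logins, then success, same user.
        if e.kind == "login_ok":
            fails = sum(1 for p in recent
                        if p.kind == "login_failed" and p.attrs["user"] == e.attrs["user"])
            if fails >= 10:
                alerts.append(Alert(e.ts, e.host, "brute_force_then_login"))
        # Rule 4 (change + log): FTP enabled by a change, then a transfer to a foreign address.
        if e.kind == "transfer" and is_foreign(e.attrs["dst"]):
            if any(p.kind == "service_enabled" and p.attrs["service"] == "ftp"
                   for p in recent):
                alerts.append(Alert(e.ts, e.host, "ftp_enabled_then_foreign_transfer"))
        history[e.host].append(e)
    return alerts


def run() -> list[Alert]:
    return correlate(load_events())


if __name__ == "__main__":
    for a in run():
        print(a.ts.isoformat(), a.host, a.rule)
```

Rules 2 and 4 are the ones neither plain file-integrity monitoring nor plain log management can raise on its own, because each needs an event from the other source.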
Solution:

Questions




John Kindervag | Forrester Research        Cindy Valladares | Tripwire
jkindervag@forrester.com                   cvalladares@tripwire.com
www.forrester.com                          www.tripwire.com
                                           Twitter: @cindyv @TripwireInc



Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 

Plus de Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Dernier

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Dernier (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

PCI: A Valuable Security Framework, Not a Punishment

  • 1. PCI: A Valuable Security Framework, Not a Punishment
    IT Security and Compliance Automation: Configuration Assessment & Change Auditing Solutions
    VISIBILITY · INTELLIGENCE · AUTOMATION
  • 2. Today’s Speakers
    – John Kindervag, Senior Analyst, Forrester Research
    – Cindy Valladares, PCI Solutions Manager, Tripwire
    IT SECURITY and COMPLIANCE AUTOMATION. Don’t Take Chances. TAKE CONTROL.
  • 3. (title slide, no text)
  • 4. PCI Unleashed: Embracing PCI As A Next-Generation Security Architecture
    John Kindervag, Senior Analyst, Forrester Research
  • 5. Key Components of PCI
    1. PCI is here to stay.
    2. PCI incentivizes security.
    3. Successful companies will derive value from PCI.
    Entire contents © 2009 Forrester Research, Inc. All rights reserved.
  • 6. PCI unleashed
  • 7. “PCI feels like something that is being done to me and not something being done with me.” — CISO, global company
  • 8. Executive summary
    – PCI is imposed on all businesses using credit cards in any way.
    – It is the result of a long-term and systemic failure in corporate governance:
      · Willingness to accept poor internal data security practices
      · Profitability was more important than security.
    – Corporations assumed that card brands took all the risk.
    – PCI DSS was created to transfer some risk to merchants.
  • 9. PCI misperceptions
    – How can you be hacked if you are compliant?
    – PCI is a never-ending process with complex requirements.
      · It requires day-to-day and hour-to-hour diligence to remain compliant.
      · The difficulty a company is having becoming PCI-compliant is a direct reflection of its overall approach to information security.
    – The validation of compliance ≠ security.
  • 10. The PCI troika: Security, Validation, Compliance
  • 11. Compliance
    – Compliance is the act of meeting the terms of the PCI DSS.
    – Compliance assumes self-enforcement.
    – It is not enforced by the card brands.
    – Noncompliance is penalized by fines.
    – Noncompliance is not an option.
  • 12. Validation
    – Merchants are assumed to be 100% PCI-compliant at all times.
    – Different levels of merchants may require third-party validation (QSA assessment).
    – Validation is like your dad checking up on you.
    – Many companies that appear to be “PCI-compliant” have misrepresented their compliance.
    – You will hear the term “compliance validation.”
  • 13. Security
    – Security encompasses all elements of protecting your network and data from misuse.
    – Security should be a given in any organization.
    – Buzzword time! Your greatest “corporate social responsibility” is to protect your customers’ data.
  • 14. Compliance does not equal security
    – Compliance incentivizes security.
    – Compliance is a stick and not a carrot.
    – PCI has succeeded masterfully: it has gotten the attention of the enterprise through fines and fees, brand damage, and lawsuits.
  • 15. How can companies derive value from their PCI-compliance initiatives?
    – There are several important ways that PCI provides value to in-scope companies:
      · PCI creates awareness for data-centric security.
      · PCI unlocks budgets for security.
      · PCI defines a set of tactical best practices for network and data security.
      · PCI is easily molded into an understandable and actionable security, risk, and compliance framework.
    – Make PCI your security framework.
  • 16. The open source of compliance
    – Used by millions of companies, it:
      · Has been vetted.
      · Has established support communities.
      · Has a highly trained workforce.
      · Is easy to hire expertise around.
    – Non-PCI companies are looking at PCI as a best-practices framework.
  • 17. Compliance costs less than compromise
    – Cost is a variable based on your beginning state of security.
    – PCI reduces costs:
      · Prescriptive
      · Helps avoid costly breaches
      · Cost-effectively achieve SOX, etc.
    – PCI is not a zero-sum game.
  • 18. The cost of a breach (chart). Source: April 10, 2007, “Calculating The Cost Of A Security Breach” Forrester report
  • 19. TJX accrued expenses (10,000) — 2008 (chart)
  • 20. The pièce de résistance
    “Since discovering the computer intrusion, we have taken steps designed to strengthen the security of our computer systems and protocols and have instituted an ongoing program with respect to data security.”
  • 21. Compliance by cheerleading
    “High-level frameworks have little value.” — CISO, global company
  • 22. A PCI framework has value
    – Your company will need to become compliant with PCI anyway.
    – Use your efforts to define your future security objectives.
    – Leverage existing controls.
    – Expand new PCI-related controls to other areas.
    – PCI has never claimed to be perfect, bulletproof security.
    – You can’t repeal PCI.
  • 23. PCI unleashed framework (diagram)
  • 24. Key Takeaways
    1. PCI is actionable.
    2. PCI unlocks budgets.
    3. PCI incentivizes good security and makes an excellent baseline framework.
  • 25. Good security = free compliance
  • 26. Increased Security through Constant Compliance
    COMPLIANCE · SECURITY · CONTROL. Tripwire VIA™: VISIBILITY · INTELLIGENCE · AUTOMATION
    Cindy Valladares | Solutions Marketing
  • 27. Agenda
  • 28. Problem: Taking Too Long to Find Breaches/Risks
    – Breaches go undiscovered and uncontained for weeks or months in 75% of cases. (2009)
    – Average time between a breach and the detection of it: 156 days [5.2 months] (Feb. 2010)
    – “…breaches targeting stored data averaged 686 days [of exposure]” (2010)
    – “More than 75,000 computers … hacked.” The attack began late 2008 and was discovered last month. (Feb. 2010)
  • 29. Result: The Time Delay Of Discovery Is Costly!
    – “Heartland Payment Systems announced today that it will pay Visa-branded credit and debit card issuers up to $60 million…” (Bank Info Security, Jan. 8, 2010)
    – “The average cost per breach in 2009 was $6.7 million…” (Ponemon Institute, Jan. 25, 2010)
  • 30. Need: Close The Time Gap (timeline: breach, then discovery)
  • 31. Need: Close The Time Gap. Many compromising problems are difficult to discover:
    – Logging turned off
    – FTP event to foreign IP
    – New user added
    – Login successful
    – FTP enabled
    – 10 failed logins
    – DLL modified by new user
  • 32. Just Detecting Change Is Not Enough… Policy-Based Intelligence Is Required
    – Change events: Logging turned off; New user added; FTP enabled; DLL modified by new user
    – Typical FIM cannot make these types of alerts. Change intelligence is required.
  • 33. Just Detecting Log Events Is Not Enough… Policy-Based Intelligence Is Required
    – Log events: FTP event to foreign IP; Login successful; 10 failed logins
    – Log management alone cannot alert on these events; SIEM is required.
  • 34. Relating Change Events to Log Events… Best Chance To Discover Compromising Problems Quickly
    Events of Interest: Logging turned off; FTP event to foreign IP; New user added; Login successful; FTP enabled; 10 failed logins; DLL modified by new user
  • 35. Solution: (diagram)
  • 36. Questions
    John Kindervag | Forrester Research | jkindervag@forrester.com | www.forrester.com
    Cindy Valladares | Tripwire | cvalladares@tripwire.com | www.tripwire.com | Twitter: @cindyv @TripwireInc
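Slides 31 through 34 make the detection point of the deck: the seven events listed there are individually unremarkable to file integrity monitoring or to log management, and only become "events of interest" when a change event is tied back to a log event on the same host inside a short window. The Python below is an added example written for this page to show that correlation concretely; it is not Tripwire VIA code and does not come from the presentation. The event stream, host names, user names, file paths, timestamps, the one-hour window, the threshold of ten failed logins, and the reading of "foreign IP" as any address outside RFC 1918 private space are all constructed assumptions.

```python
"""Correlate change events with log events to surface "events of interest".

Added example for this page, not Tripwire VIA code. The event stream below is
constructed; hosts, users, paths and addresses are made up. "Foreign IP" is
assumed to mean any address outside RFC 1918 private space.
"""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    source: str          # "change" = integrity/config monitoring, "log" = log collection
    kind: str            # normalized event type
    host: str
    detail: dict = field(default_factory=dict)


def at(minutes: int) -> datetime:
    """Constructed timestamps relative to an arbitrary start (assumption)."""
    return datetime(2010, 2, 1, 9, 0) + timedelta(minutes=minutes)


# Constructed sample stream interleaving the seven event types from the slides,
# plus benign noise on a second host that must NOT produce alerts.
SAMPLE_EVENTS = [
    Event(at(0), "change", "user_added", "pos-01", {"user": "svc_tmp", "actor": "admin"}),
    *[Event(at(1 + i), "log", "failed_login", "pos-01", {"user": "svc_tmp", "src": "10.0.5.9"})
      for i in range(10)],
    Event(at(12), "log", "login_success", "pos-01", {"user": "svc_tmp", "src": "10.0.5.9"}),
    Event(at(15), "change", "file_modified", "pos-01", {"path": r"C:\app\payment.dll", "actor": "svc_tmp"}),
    Event(at(20), "change", "ftp_enabled", "pos-01", {"actor": "svc_tmp"}),
    Event(at(25), "log", "ftp_transfer", "pos-01", {"dst": "203.0.113.77", "bytes": 48_000_000}),
    Event(at(30), "change", "logging_disabled", "pos-01", {"actor": "svc_tmp"}),
    Event(at(40), "change", "file_modified", "db-02", {"path": r"C:\app\report.dll", "actor": "admin"}),
    Event(at(45), "log", "ftp_transfer", "db-02", {"dst": "10.0.7.3", "bytes": 1_000}),
]

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_foreign(ip: str) -> bool:
    """True when the address is outside the assumed internal (RFC 1918) ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events, window=timedelta(hours=1), failed_threshold=10):
    """Walk the merged change+log stream in time order and emit policy alerts.

    Each rule keeps just enough state to tie a later event back to an earlier
    one on the same host, which is what neither plain FIM nor plain log
    management can do on its own.
    """
    alerts = []
    new_users = {}                 # (host, user) -> when the account was created
    ftp_enabled_at = {}            # host -> when FTP was switched on
    failed = defaultdict(deque)    # (host, user) -> recent failed-login timestamps

    def alert(rule, ev, why, severity="high"):
        alerts.append({"rule": rule, "host": ev.host, "ts": ev.ts, "why": why, "severity": severity})

    for ev in sorted(events, key=lambda e: e.ts):
        d = ev.detail
        if ev.kind == "logging_disabled":
            alert("logging_disabled", ev, f"audit logging turned off by {d.get('actor')}")
        elif ev.kind == "user_added":
            new_users[(ev.host, d["user"])] = ev.ts
        elif ev.kind == "failed_login":
            q = failed[(ev.host, d["user"])]
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:   # drop failures older than the window
                q.popleft()
        elif ev.kind == "login_success":
            q = failed.get((ev.host, d["user"]))
            if q and len(q) >= failed_threshold:
                alert("brute_force_success", ev,
                      f"{len(q)} failed logins for {d['user']} followed by success from {d['src']}")
                q.clear()
        elif ev.kind == "file_modified":
            created = new_users.get((ev.host, d["actor"]))
            if created is not None and ev.ts - created <= window and d["path"].lower().endswith(".dll"):
                alert("new_user_modified_dll", ev,
                      f"{d['path']} changed by account {d['actor']} created {ev.ts - created} earlier")
        elif ev.kind == "ftp_enabled":
            ftp_enabled_at[ev.host] = ev.ts
        elif ev.kind == "ftp_transfer" and is_foreign(d["dst"]):
            enabled = ftp_enabled_at.get(ev.host)
            recent = enabled is not None and ev.ts - enabled <= window
            alert("ftp_to_foreign_ip", ev,
                  f"{d['bytes']} bytes to {d['dst']}" + (" shortly after FTP was enabled" if recent else ""),
                  severity="high" if recent else "medium")
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a['ts']:%H:%M} {a['host']} [{a['severity']}] {a['rule']}: {a['why']}")
```

Run on the constructed stream, the four rules fire only on pos-01 and in time order (brute-force success, DLL modified by the freshly created account, FTP transfer to a foreign address shortly after FTP was enabled, logging disabled), while the admin's DLL edit and the internal FTP transfer on db-02 stay silent. The point of the design is the shared state across sources: the DLL rule needs the change event (account creation) to judge the later file change, and the FTP rule uses the change event (FTP enabled) to raise the severity of a log event, which is exactly the gap slides 32 and 33 describe for FIM and log management taken separately.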

Editor's Notes

  1. Many organizations have file integrity monitoring, log management and even event management solutions in place. But the average time it takes these same organizations to discover that a breach has occurred is months. During that time their critical data and infrastructure are at risk of compromise, if they have not already been compromised. There is an industry-wide problem: the time it takes to discover breaches is far too long, and it needs to be shortened.
  2. The cost of this time delay is enormous. These organizations not only suffer monetarily; their “mojo” is also badly damaged. They lose shareholder trust and value. Their name remains in the press, and in presentations like this one, for a very long time.
  3. Automated help is needed to enable these organizations to know more quickly that their data is at risk due to breach activity. They need to close the breach-to-discovery time gap.
  4. Tripwire VIA delivers intelligent threat control by providing: Visibility across your infrastructure, to know what is happening at all times; Intelligence, to know which changes or events are suspect and may put your infrastructure and data at risk of compromise; and Automation, to help you categorize high-risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.