PCI Program Office
04.08.21

PCI DSS Security Awareness Program
3
Objectives
PCI Overview
PCI Security Standards Council
Structure of the PCI DSS
PCI DSS v3.2.1 High Level Overview
PCI DSS Card Holder Data
PCI Standard & State Laws
How PCI DSS Compliance is applied
PCI DSS & Merchant Levels
PCI Transaction Cash Flow
Requirements for Service Providers
PCI Industry Groups & Issues
PCI Overview PCI DSS Compliance PCI Scope & Resources
Agenda
Section 01: PCI Overview
OBJECTIVES

After you complete this course, you should be able to:
• Understand the key PCI DSS goals and be aware that PCI has been incorporated in State Law
• Be familiar with the types of entities/merchants that PCI DSS compliance applies to
• Gain knowledge of current issues and resources for PCI
• Be familiar with PCI and the Data Security Standards
• Be aware of the PCI Security Standards Council
• Understand the meaning of Cardholder Data
• Be aware of the various merchant levels
PCI OVERVIEW

What is PCI?
• PCI = Payment Card Industry
• PCI Security Standards Council: Visa, Mastercard, American Express, Discover, JCB International

There are three standards related to credit card security:
• Payment Card Industry Data Security Standard (PCI DSS)
• Payment Application Data Security Standard (PA-DSS)
• PCI PIN Transaction Security (PCI PTS)
PCI SECURITY STANDARDS COUNCIL

The PCI Security Standards Council (PCI SSC) was launched in 2006. The PCI SSC founding payment brands are American Express, Discover Financial, JCB International, MasterCard, and Visa, Inc. The PCI SSC is responsible for the development, management, education, and awareness of the PCI Security Standards (PCI DSS).
STRUCTURE OF THE PCI DSS

PCI DSS contains 12 high-level requirements including 260 controls categorized into 3 areas:
• Technical solutions & settings
• Policies and procedures
• Training
Section 02: PCI DSS Compliance
PCI DATA SECURITY STANDARD – HIGH LEVEL OVERVIEW
PCI CARD HOLDER DATA
PCI COMPLIANCE APPLICATIONS

PCI DSS applies globally to all merchants and service providers that store, process, use, or transmit cardholder data. Below are some types of entities that PCI DSS compliance applies to:
• Retail: online sites, brick & mortar, mail/phone order
• Hospitality: restaurants, hotels
• Transportation: airlines, car rentals, taxi, limo
• Utilities: gas, electric, water
• Service Providers: cloud security providers, data hosting providers, managed services, etc.
• Telecommunications: cable, wireless services, phone
• Healthcare/Education: hospitals, doctors, dentists, colleges
• Financial Services: banks, insurance, credit card processors
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

• PCI DSS is not a governmental regulation; it is an industry standard and is relevant wherever credit cards are accepted.
• PCI DSS is validated either through a Self-Assessment Questionnaire (SAQ) or through an annual on-site audit performed by a Qualified Security Assessor (QSA).
• How to validate depends upon the number of transactions your organization processes per year (refer to the Merchant Levels slide).
• Some states have incorporated some PCI DSS requirements into privacy and data breach laws.
• Compliance with PCI DSS is not required by federal law in the United States. However, the laws of some U.S. states either refer to PCI DSS directly or make equivalent provisions.
Section 03: PCI Scope & Resources
MERCHANT LEVELS AT PCI DSS

PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.

Visa merchant level descriptions:

Level 1: Any merchant, regardless of acceptance channel, processing over 6M Visa transactions per year; and any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2: Any merchant, regardless of acceptance channel, processing 1M to 6M Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1M Visa transactions per year.
PCI – TRANSACTION CASH FLOW
PCI DSS REQUIREMENTS FOR SERVICE PROVIDERS

Some of the key PCI DSS requirements relative to service providers:
• Service providers with remote access to customer premises (for example, for support of POS systems or servers) must use a unique authentication credential (such as a password/phrase) for each customer. (PCI DSS 8.5.1)
• Implement a process for the timely detection and reporting of failures of critical security control systems, including but not limited to failure of: firewalls, IPS/IDS, FIM, anti-virus, physical access controls, logical access controls, audit logging mechanisms, and segmentation controls (if used). (PCI DSS 10.8)
• If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods. (PCI DSS 11.3.4.1)
• Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment. (PCI DSS 12.8.2)
• Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment. (PCI DSS 12.9)
• Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures. Reviews must cover the following processes: daily log reviews, firewall rule-set reviews, applying configuration standards to new systems, responding to security alerts, and change management processes. (PCI DSS 12.11)
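The 10.8 item above asks for a process that detects and reports failures of critical security controls, which in practice means noticing both a control that reports an error and a control that silently stops reporting. The following Python script is an added illustration of one such process, written for this deck and not taken from the PCI SSC or from the presenter: each control emits a periodic heartbeat record, and the script flags any control instance whose latest record is not OK, whose last OK heartbeat is older than a per-control tolerance window, or that has never reported at all. The log format, host and control names, and tolerance windows are constructed assumptions for the example.

```python
"""Detect failures of critical security controls from heartbeat records.

Added example for the PCI DSS 10.8 discussion. The log format, the
control and host names, and the tolerance windows below are constructed
assumptions, not values from the standard or from any real environment.
"""
from datetime import datetime, timedelta

# Assumed tolerance per control type: how long a control may go without a
# healthy heartbeat before the silence itself is treated as a failure.
MAX_SILENCE = {
    "firewall": timedelta(minutes=5),
    "ids": timedelta(minutes=5),
    "fim": timedelta(hours=1),
    "antivirus": timedelta(hours=1),
    "audit_logging": timedelta(minutes=10),
    "segmentation": timedelta(minutes=15),
}

# Constructed sample log, one heartbeat per line:
# "<ISO timestamp> <control> <host> <status> [free-text detail]"
SAMPLE_LOG = """\
2021-08-04T09:00:00 firewall fw-edge-01 OK
2021-08-04T09:00:00 ids ids-cde-01 OK
2021-08-04T09:00:00 fim pos-srv-07 OK
2021-08-04T09:00:00 antivirus pos-srv-07 OK
2021-08-04T09:00:00 audit_logging siem-fwd-02 OK
2021-08-04T09:00:00 segmentation acl-core-01 OK
2021-08-04T09:04:00 firewall fw-edge-01 OK
2021-08-04T09:04:00 ids ids-cde-01 ERROR engine stopped
2021-08-04T09:08:00 firewall fw-edge-01 OK
2021-08-04T09:12:00 firewall fw-edge-01 OK
2021-08-04T09:12:00 segmentation acl-core-01 OK
"""

# The "current time" used when the sample is evaluated (constructed).
DEMO_NOW = datetime(2021, 8, 4, 9, 15)


def parse_heartbeats(text):
    """Parse log lines into (timestamp, control, host, status, detail) tuples.

    Malformed lines are skipped rather than guessed at: a parser that
    mis-reads a record could mask a failed control.
    """
    records = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue
        ts = datetime.fromisoformat(parts[0])
        detail = parts[4] if len(parts) == 5 else ""
        records.append((ts, parts[1], parts[2], parts[3], detail))
    return records


def detect_control_failures(records, now, max_silence=MAX_SILENCE):
    """Return a sorted list of (control, host, reason) for failed controls.

    A control instance fails if its most recent heartbeat is not OK, or if
    its last OK heartbeat is older than the control's tolerance window
    relative to `now`. A control type listed in max_silence that never
    reported at all is also a failure: a silent control cannot be shown
    to be working.
    """
    latest = {}   # (control, host) -> (timestamp, status, detail)
    last_ok = {}  # (control, host) -> timestamp of the last OK heartbeat
    for ts, control, host, status, detail in records:
        key = (control, host)
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, status, detail)
        if status == "OK" and (key not in last_ok or ts > last_ok[key]):
            last_ok[key] = ts

    failures = []
    for (control, host), (ts, status, detail) in latest.items():
        window = max_silence.get(control)
        if status != "OK":
            failures.append((control, host, f"reported {status}: {detail}".rstrip(": ")))
        elif window is not None and now - last_ok[(control, host)] > window:
            failures.append((control, host, f"no heartbeat for {now - last_ok[(control, host)]}"))

    seen_controls = {control for control, _ in latest}
    for control in max_silence:
        if control not in seen_controls:
            failures.append((control, "-", "never reported"))
    return sorted(failures)


def demo_failures():
    """Evaluate the constructed sample log at DEMO_NOW."""
    return detect_control_failures(parse_heartbeats(SAMPLE_LOG), DEMO_NOW)


if __name__ == "__main__":
    for control, host, reason in demo_failures():
        print(f"FAILED {control} on {host}: {reason}")
```

Run against the sample, the IDS is reported because its latest record is an ERROR, and the audit logging forwarder is reported because it has been silent for 15 minutes against a 10-minute window; the firewall, FIM, anti-virus and segmentation controls are all within tolerance. The "never reported" branch is what turns this from a log filter into a control-failure detector: a control that was decommissioned, misconfigured or disconnected produces no error record at all, and only the absence check catches it.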
PCI SCOPE

• The PCI DSS defines scope as follows: "the PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment."
• A cardholder data environment (CDE) is comprised of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data.
• Areas that are very likely in scope in any environment where credit card data is present:
  • Networking devices: switches, routers
  • Firewalls
  • Servers
  • Data center physical security
  • Portable media: tapes, USB devices
  • Point-of-sale (POS) devices
  • Wireless devices: access points
  • Applications/databases that handle credit card data
INDUSTRY GROUPS & RESOURCES

Resources
• Official PCI Security Standards Website: www.PCISecurityStandards.org
• PCI DSS 3.2.1: https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss

PCI industry groups/forums
• PCI Knowledge Base: https://www.pcisecuritystandards.org/faq/
Thank you
Kyndryl is currently a wholly-owned subsidiary of International Business Machines Corporation with the intent that Kyndryl will be spun-out.