PCI Change Detection: Thinking Beyond the Checkbox

•Télécharger en tant que PPTX, PDF•

2 j'aime•12,213 vues

Passing PCI compliance can be a painful experience. According to Verizon’s 2015 PCI report, only 9% of breached organizations were compliant with Requirement 11—a fundamental requirement which ensures that an organization is prepared for a range of attack types. Does your organization have the change detection requirement under control? Tim Erlin, Director of Security and Risk Strategist for Tripwire, and Glenn Rogers, Acting CIO for the Girl Scouts of Northern California, provide a practical discussion on: • How GSNorCal saved time and money by changing their PCI approach • The three most common change detection audit mistakes and how to correct them • A sneak peek at the impact of PCi v3.2 released this year

Technologie

Glenn Rogers
CIO
Girl Scouts of
Northern California
Tim Erlin
Dir. IT Risk and
Security Strategist
Tripwire

1: Build and
Maintain a
Secure Network
2: Protect
Cardholder Data
3: Maintain a
Vulnerability
Management
Program
4: Implement
Strong Access
Control Measures
5: Regularly
Monitor and Test
Networks
6: Maintain an
Information
Security Policy
Requirement 1:
Install and maintain
a firewall
configuration to
Protect Cardholder
Data
Requirement 3:
Protect stored
cardholder data
Requirement 5:
Protect all systems
against malware and
regularly update anti-
virus software or
programs
Requirement 7:
Restrict access to
cardholder data by
business need to
know
Requirement 10:
Track and monitor
all access to
network resources
and cardholder
data
Requirement 12:
Maintain a policy that
addresses information
security for all
personnel
Requirement 2:
Do not use vendor-
supplied defaults for
system passwords
and other security
parameters
Requirement 4:
Encrypt transmission
of cardholder data
across open, public
networks
Requirement 6:
Develop and maintain
secure systems and
applications
Requirement 8:
Identify and
authenticate access
to system
components
Requirement 11:
Regularly test
security systems
and processes
Requirement 9:
Restrict physical
access to cardholder
data
Validates
Provides
Supports

Continuous Monitoring
Risk Reduction
Threat Detection and Response
Operational Cost Reduction
INTEGRATION
AUTOM
ATION
CONTEXT

PCI Change Detection: Thinking Beyond the Checkbox

Contenu connexe

Tendances

SecurityDr. Vardhan choubey

Pervasive Security Across Your Extended NetworkCisco Security

Security Readiness Profilepds2k.com

Security EssentialsAshley Deuble

Cyber essentials-overview-sep-2021-211019100139evaleng2

Brian Starr Cover LetterBrian Starr

6 Steps to Secure Network DevicesLisa Kearney

Fire wallsSmit Panchal

Sallysspecialservices networksecurityproposal2-100305141834-phpapp02Sally's Special Services

Michael jarmark internet security basicsMichaelJarmark_

IoT Threat Intel - SteppaSteppa Cyber Security

Info and telecom_network_securityBrijesh Kumar

Telkom Sigma Software Security System v1Directorate of Information Security | Ditjen Aptika

Midsize Business Solutions: CybersecurityCisco Security

mcq edu03 Anju 23.pdfANJUMOHANANU

Mohammed imranuddin cv.DOCmohammed imranuddin

Edu 03Anju 23 assignment.pdfANJUMOHANANU

PCI Compliance Myths, Reality and Solutions for RetailInDefense Security

What is the UK Cyber Essentials scheme?IT Governance Ltd

New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco

Tendances (20)

Security

Pervasive Security Across Your Extended Network

Security Readiness Profile

Security Essentials

Cyber essentials-overview-sep-2021-211019100139

Brian Starr Cover Letter

6 Steps to Secure Network Devices

Fire walls

Sallysspecialservices networksecurityproposal2-100305141834-phpapp02

Michael jarmark internet security basics

IoT Threat Intel - Steppa

Info and telecom_network_security

Telkom Sigma Software Security System v1

Midsize Business Solutions: Cybersecurity

mcq edu03 Anju 23.pdf

Mohammed imranuddin cv.DOC

Edu 03Anju 23 assignment.pdf

PCI Compliance Myths, Reality and Solutions for Retail

What is the UK Cyber Essentials scheme?

New VIPRE_DS_EndpointSecurity_2016

En vedette

Leveraging Change Control for SecurityTripwire

Tripwire University Boot Camp – Economy of BadTripwire

Tripwire University Boot Camp – The Shifting Landscape: Know Your BattlefieldTripwire

Survival of the Fittest: How to Build a Cyber Resilient OrganizationTripwire

The RMF: New Emphasis on the Risk Management Framework for Government Organiz...Tripwire

Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire

8 Tips on Creating a Security Culture in the WorkplaceTripwire

Threat Intelligence from Honeypots for Active DefenseTripwire

"Backoff" Malware: How to Know If You're InfectedTripwire

Keep Your Guard: Stay Compliant and Be SecureTripwire

An Essential Guide to EU GDPRTripwire

Achieving Continuous Monitoring with Security AutomationTripwire

Tripwire IP360 Vulnerability ManagementTripwire

Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Tripwire

Breaking In and Breaking Records – A Look Back at 2016 CybercrimesTripwire

How to Protect Your Organization from the Ransomware EpidemicTripwire

Excellence in the Essentials: It's Not Whether You Implement Foundational Con...Tripwire

Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesTripwire

3 Success Stories on the Tripwire Enterprise JourneyTripwire

Industry Insights from Infosecurity Europe 2016Tripwire

En vedette (20)

Leveraging Change Control for Security

Tripwire University Boot Camp – Economy of Bad

Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield

Survival of the Fittest: How to Build a Cyber Resilient Organization

The RMF: New Emphasis on the Risk Management Framework for Government Organiz...

Tripwire University: Cyberwar Boot Camp – Introduction and Overview

8 Tips on Creating a Security Culture in the Workplace

Threat Intelligence from Honeypots for Active Defense

"Backoff" Malware: How to Know If You're Infected

Keep Your Guard: Stay Compliant and Be Secure

An Essential Guide to EU GDPR

Achieving Continuous Monitoring with Security Automation

Tripwire IP360 Vulnerability Management

Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)

Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

How to Protect Your Organization from the Ransomware Epidemic

Excellence in the Essentials: It's Not Whether You Implement Foundational Con...

Overload: Critical Lessons from 15 Years of ICS Vulnerabilities

3 Success Stories on the Tripwire Enterprise Journey

Industry Insights from Infosecurity Europe 2016

Similaire à PCI Change Detection: Thinking Beyond the Checkbox

Continual Compliance for PCI DSS, E13PA and ISO 27001/2ControlCase

Payment card industry data security standardmanojghimiray

Gazzang pci v1[1]Gazzang

Compliance posterRui Gomes

Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis

SGSB Webcast 2 : Smart grid and data securityAndy Bochman

PCI Compliance OverviewLawPay

Information Technology Security BasicsMohan Jadhav

Making Compliance Business as UsualControlCase

Security Education and Training1111.pdfakkashkumar055

How to Achieve PCI Compliance with an Enterprise Job Scheduler HelpSystems

GDPR Part 2: Quest RelevanceAdrian Dumitrescu

Personal Data Protection in IndonesiaEryk Budi Pratama

Pcishrinktofitpresentation 151125162550-lva1-app6891Risk Crew

SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008Denny Lee

PCI presentationMahmoud Salaheldin

Security hardening and drown attack prevention for mobile backend developersJiri Danihelka

Application Security: What do we need to know?Jose L. Quiñones-Borrero

PCI DSS & PA DSS Version 3.0 Changes WebinarControlCase

ISO_27001___2005_OASISDermot Clarke

Similaire à PCI Change Detection: Thinking Beyond the Checkbox (20)

Continual Compliance for PCI DSS, E13PA and ISO 27001/2

Payment card industry data security standard

Gazzang pci v1[1]

Compliance poster

Generic_Sample_INFOSECPolicy_and_Procedures

SGSB Webcast 2 : Smart grid and data security

PCI Compliance Overview

Information Technology Security Basics

Making Compliance Business as Usual

Security Education and Training1111.pdf

How to Achieve PCI Compliance with an Enterprise Job Scheduler

GDPR Part 2: Quest Relevance

Personal Data Protection in Indonesia

Pcishrinktofitpresentation 151125162550-lva1-app6891

SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008

PCI presentation

Security hardening and drown attack prevention for mobile backend developers

Application Security: What do we need to know?

PCI DSS & PA DSS Version 3.0 Changes Webinar

ISO_27001___2005_OASIS

Plus de Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't EnoughTripwire

Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire

Key Challenges Facing IT/OT: Hear From The ExpertsTripwire

Tripwire Energy Working Group: TIV Demo Tripwire

Tripwire Energy Working Group Session w/Dale PetersonTripwire

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire

Tripwire Energy Working Group: Customer Session with Chase ColeTripwire

Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire

World Book Day: Cybersecurity’s Quietest CelebrationTripwire

Tripwire Retail Security 2020 Survey: Key FindingsTripwire

Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire

The Adventures of Captain Tripwire: Coloring Book!Tripwire

Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire

Tripwire 2019 Skills Gap Survey: Key FindingsTripwire

A Look Back at 2018: The Most Memorable Cyber MomentsTripwire

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire

Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire

Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire

Defending Critical Infrastructure Against Cyber AttacksTripwire

Plus de Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough

Data Privacy Day 2022: Tips to Ensure Data Privacy

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire Energy Working Group: TIV Demo

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through

Tripwire Energy Working Group: Customer Session with Chase Cole

Tripwire Energy Working Group: Keynote w/Patrick Miller

World Book Day: Cybersecurity’s Quietest Celebration

Tripwire Retail Security 2020 Survey: Key Findings

Key Findings: Tripwire COVID-19 Cybersecurity Impact Report

The Adventures of Captain Tripwire: Coloring Book!

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...

Tripwire 2019 Skills Gap Survey: Key Findings

A Look Back at 2018: The Most Memorable Cyber Moments

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits

Tripwire State of Cyber Hygiene 2018 Report: Key Findings

Defend Your Data Now with the MITRE ATT&CK Framework

Defending Critical Infrastructure Against Cyber Attacks

Dernier

How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

How to write a Business Continuity PlanDatabarracks

A Journey Into the Emotions of Software DevelopersNicole Novielli

Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA

What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina

UiPath Community: Communication Mining from Zero to HeroUiPathCommunity

Take control of your SAP testing with UiPath Test SuiteDianaGray10

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Manual 508 Accessibility Compliance AuditSkynet Technologies

Rise of the Machines: Known As Drones...Rick Flair

Sample pptx for embedding into website for demoHarshalMandlekar2

Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

From Family Reminiscence to Scholarly Archive .Alan Dix

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda

[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra

Dernier (20)

How AI, OpenAI, and ChatGPT impact business and software.

Generative AI for Technical Writer or Information Developers

How to write a Business Continuity Plan

A Journey Into the Emotions of Software Developers

Long journey of Ruby standard library at RubyConf AU 2024

What is DBT - The Ultimate Data Build Tool.pdf

UiPath Community: Communication Mining from Zero to Hero

Take control of your SAP testing with UiPath Test Suite

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

DevEX - reference for building teams, processes, and platforms

Manual 508 Accessibility Compliance Audit

Rise of the Machines: Known As Drones...

Sample pptx for embedding into website for demo

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

From Family Reminiscence to Scholarly Archive .

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...

[Webinar] SpiraTest - Setting New Standards in Quality Assurance

PCI Change Detection: Thinking Beyond the Checkbox

2. Glenn Rogers CIO Girl Scouts of Northern California Tim Erlin Dir. IT Risk and Security Strategist Tripwire

9. 1: Build and Maintain a Secure Network 2: Protect Cardholder Data 3: Maintain a Vulnerability Management Program 4: Implement Strong Access Control Measures 5: Regularly Monitor and Test Networks 6: Maintain an Information Security Policy Requirement 1: Install and maintain a firewall configuration to Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 5: Protect all systems against malware and regularly update anti- virus software or programs Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 2: Do not use vendor- supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 6: Develop and maintain secure systems and applications Requirement 8: Identify and authenticate access to system components Requirement 11: Regularly test security systems and processes Requirement 9: Restrict physical access to cardholder data Validates Provides Supports

10.

11. Tripwire and PCI DSS 3.2

12. Continuous Monitoring Risk Reduction Threat Detection and Response Operational Cost Reduction INTEGRATION AUTOM ATION CONTEXT

PCI Change Detection: Thinking Beyond the Checkbox

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à PCI Change Detection: Thinking Beyond the Checkbox

Similaire à PCI Change Detection: Thinking Beyond the Checkbox (20)

Plus de Tripwire

Plus de Tripwire (20)

Dernier

Dernier (20)

PCI Change Detection: Thinking Beyond the Checkbox