Riesgo PCI v2 is a software solution that assists organizations in managing their PCI compliance activities. It includes a PCI operations radar for real-time monitoring of PCI assets, a PCI compliance dashboard, and a log retrieval system. The solution captures the full PCI assessment and audit cycle, including assessing projects, business units, and assets against PCI policies. It provides visibility into compliance status and risk ratings. For a pilot of the software, organizations should contact Ben Oguntala.
1. PCI v2
PCI operations radar & compliance dashboard
Ben Oguntala
info@riesgoriskmanagement.com
www.riesgoriskmanagement.com
07812039867
For a pilot, email Ben Oguntala -
info@riesgoriskmanagement.com
2. Introduction
Objective
• This presentation describes the features of Riesgo PCI V2, which assists
organisations in managing the activities related to PCI compliance.
Key modules include:
• PCI operations radar – real time monitoring of all PCI assets across your network
• PCI compliance dashboard - policy compliance in accordance with the PCI DSS
In this presentation:
• PCI assessment process
• PCI operations radar process
• PCI operation log retrieval system
• PCI Asset register
• PCI Audit process
• Project & Business unit PCI assessment
3. Riesgo PCI v2 solution captures the end to end cycle of PCI within your organisation.
[Diagram: the end-to-end PCI cycle. Components: PCI Audits, PCI assessments, PCI reports, PCI compliance program, PCI Dashboard, PCI Risk register, PCI log retrieval system, PCI Asset register, PCI operations radar.]
4. Overview
[Diagram: PCI compliance Dashboard and PCI Operations Radar. Labels: Project assessments, Business unit assessments, Asset assessments; Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS; PCI Log retrieval system; PCI asset register.]

PCI compliance dashboard
PCI ID  Asset  BU  Asset owner  Business impact  Likelihood  Policy compliance  Review date  Audits  Radar alerts  Risk Register
123     Serv1  AG  Ben Gee      H                L           Y                  2/3/09       3       -             -
124     Serv3  AG  Olu Gee      H                L           N                  2/3/09       -       -             -
125     Serv4  AG  Mark Seal    H                L           Y                  2/3/09       -       -             -
126     Serv5  AG  Olu Gee      H                L           N                  2/5/09       -       -             -
127     Serv6  AG  Ray Ban      H                L           N                  2/3/09       -       -             -
128     Serv7  AG  See More     H                L           Y                  2/3/09       -       -             -
129     Serv8  AG  Olu Gee      H                L           Y                  2/3/09       -       -             -
130     Serv9  AG  Cee Cee      H                L           Y                  2/3/09       -       -             -

PCI operations radar
Alert columns: Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation
PCI ID  Business impact  Likelihood  Alerts
123     H                L           3 3 1 5
124     H                L           -
125     H                L           -
126     H                L           3 3 4 1
127     H                L           -
128     H                L           -
5. PCI assessment process
[Diagram labels: PCI registration form; Type: Project, Business unit, Asset; PCI Assessment; Risk rating: L, M, H; PCI compliance Dashboard; PCI risk register.]
PCI Assessment
1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers,
resellers, and integrators
6. PCI operation radar process
[Diagram labels: PCI compliance Dashboard; PCI operations radar; Project details; Riesgo Log retrieval system.]

PCI operations radar
Alert columns: Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation
PCI ID  Business impact  Likelihood  Alerts
123     H                L           3 3 1 5

Project details
• Project name
• Project ID
• Project Manager
• Description
• Assets

Assets
Web Servers     Asset owner  Log interface
Business logic  Asset owner  Log interface
Firewalls       Asset owner  Log interface
Databases       Asset owner  Legal interface
7. PCI log retrieval system
[Diagram labels: PCI project ID; PCI Log retrieval system; Alert rating; PCI operations radar.]

Logs shown for the PCI Log retrieval system:
• Web server Log
• Application server Log
• Business logic server Log
• Database server Log
• Routers Log
• Firewalls Log
• IPS/IDS Log

PCI operations radar
Alert columns: Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation
PCI ID  Business impact  Likelihood  Alerts
123     H                L           3 3 1 5
8. PCI Asset register
[Diagram labels: PCI project ID; PCI compliance dashboard; Web server Log, Application server Log, Business logic server Log, Database server Log, Routers Log, Firewalls Log, IPS/IDS Log.]

PCI compliance dashboard
PCI ID  Asset  BU  Asset owner  Business impact  Likelihood  Policy compliance
123     Serv1  AG  Ben Gee      H                L           Y
124     Serv3  AG  Olu Gee      H                L           N
125     Serv4  AG  Mark Seal    H                L           Y
126     Serv5  AG  Olu Gee      H                L           N
127     Serv6  AG  Ray Ban      H                L           N
128     Serv7  AG  See More     H                L           Y
129     Serv8  AG  Olu Gee      H                L           Y
130     Serv9  AG  Cee Cee      H                L           Y
Each PCI project can identify its assets and have them assessed against policy compliance and the data transmitted via their logs.
9. PCI Audit
[Diagram labels: Business units; PCI projects; PCI Assets; PCI Policies compliance; Audit schedule; Audit non compliance report; PCI compliance dashboard.]

Audit non compliance report columns: Asset, Asset owner, BU, Business impact, Likelihood, Policy compliance, Non compliance, Audit findings, Risk rating

PCI compliance dashboard columns: PCI ID, Asset, BU, Asset owner, Business impact, Likelihood, Policy compliance, Review date, Audits, Radar alerts, Risk Register
10. Project & business unit PCI assessment
[Diagram labels: Project assessments, Business unit assessments, Asset assessments; PCI related projects, Business units with PCI, PCI related Assets; PCI risk assessment form; Risk rating; PCI Reports; PCI compliance dashboard.]

PCI compliance dashboard columns: Business impact, Likelihood, Policy compliance, Review date, Audits, Risk Register

The 14 key PCI assessments
1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers,
resellers, and integrators