PCI v2
PCI operations radar & compliance dashboard

                Ben Oguntala
       info@riesgoriskmanagement.com
       www.riesgoriskmanagement.com
                07812039867


                For a pilot, email Ben Oguntala -
               info@riesgoriskmanagement.com
Introduction
Objective

• This presentation describes the features of Riesgo PCI V2 that assist
  organisations in managing the activities related to PCI compliance.

Key modules include:

• PCI operations radar – real time monitoring of all PCI assets across your network
• PCI compliance dashboard - policy compliance in accordance with the PCI DSS

In this presentation:

• PCI assessment process
• PCI operations radar process
• PCI log retrieval system
• PCI Asset register
• PCI Audit process
• Project & Business unit PCI assessment


Riesgo PCI v2 solution captures the end-to-end cycle of PCI within your organisation.

[Diagram: the PCI program at the centre, linked to PCI Audits, PCI assessments, PCI Risk register, PCI Asset register, PCI operations radar, PCI log retrieval system, PCI compliance Dashboard and PCI reports.]
Overview

[Diagram, left: PCI compliance dashboard. Project, Business unit and Asset assessments feed the dashboard, and the PCI asset register links the dashboard to the radar.]

[Diagram, right: PCI operations radar, monitoring the Web server, Application server, Business logic server, Database server, Firewalls, Routers and IPS/IDS server; the PCI log retrieval system collects their logs.]

PCI compliance dashboard (sample rows as shown on the slide)

PCI ID  Asset  BU  Asset owner  Business impact  Likelihood  Policy compliance  Review date  Radar alerts  Audits  Risk register
123     Serv1  AG  Ben Gee      H                L           Y                  2/3/09       3             -       -
124     Serv3  AG  Olu Gee      H                L           N                  2/3/09       -             -       -
125     Serv4  AG  Mark Seal    H                L           Y                  2/3/09       -             -       -
126     Serv5  AG  Olu Gee      H                L           N                  2/5/09       -             -       -
127     Serv6  AG  Ray Ban      H                L           N                  2/3/09       -             -       -
128     Serv7  AG  See More     H                L           Y                  2/3/09       -             -       -
129     Serv8  AG  Olu Gee      H                L           Y                  2/3/09       -             -       -
130     Serv9  AG  Cee Cee      H                L           Y                  2/3/09       -             -       -

PCI operations radar (sample rows as shown on the slide; monitored asset types: Web server, Application logic server, Database server, Firewalls, Routers, IPS/IDS server)

PCI ID  Business impact  Likelihood  Radar alert counts and violation
123     H                L           3  3  1  5
124     H                L           -
125     H                L           -
126     H                L           3  3  4  1
127     H                L           -
128     H                L           -
PCI assessment process

[Flow: PCI registration form -> assessment type (Project, Business unit or Asset) -> PCI assessment against the 14 items below -> Risk rating (L, M or H) -> PCI compliance Dashboard and PCI risk register.]

The 14 PCI assessment items (these are the 14 PA-DSS requirements, which apply to payment applications, as distinct from the 12 PCI DSS requirements):

1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers, resellers, and integrators
PCI operation radar process

[Flow: the PCI compliance Dashboard holds the project details (Project name, Project ID, Project Manager, Description, Assets). Each asset in the project has an asset owner and a log interface feeding the Riesgo Log retrieval system, which in turn feeds the PCI operations radar.]

Assets in the example project:

  Web servers     Asset owner   Log interface
  Business logic  Asset owner   Log interface
  Firewalls       Asset owner   Log interface
  Databases       Asset owner   Log interface

PCI operations radar (monitored asset types: Web server, Application logic server, Database server, Firewalls, Routers, IPS/IDS server)

PCI ID  Business impact  Likelihood  Radar alert counts and violation
123     H                L           3  3  1  5
PCI log retrieval system

[Flow: for a PCI project ID, each registered asset (Web server, Application server, Business logic server, Database server, Routers, Firewalls, IPS/IDS) supplies its log to the PCI Log retrieval system, which produces an alert rating per asset and feeds the PCI operations radar.]

PCI operations radar (monitored asset types: Web server, Application logic server, Database server, Firewalls, Routers, IPS/IDS server)

PCI ID  Business impact  Likelihood  Radar alert counts and violation
123     H                L           3  3  1  5
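The log retrieval, alert rating and radar row flow described above, as an added Python example. This is not Riesgo's code; the slides show no implementation. The "<host> <message>" log format, the hostnames, the detection rules and their mapping to requirement numbers, the Luhn filter and the scoring are all assumptions made for illustration, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed register for PCI ID 123 (values mirror the dashboard row on the
# slides); "hosts" maps each monitored hostname to its asset type.
ASSET_REGISTER = {
    123: {
        "asset": "Serv1", "bu": "AG", "owner": "Ben Gee",
        "impact": "H", "likelihood": "L", "review_date": "2/3/09",
        "hosts": {
            "web1": "web server", "app1": "application logic server",
            "db1": "database server", "fw1": "firewalls",
            "rtr1": "routers", "ids1": "ips/ids server",
        },
    }
}

# Constructed log lines in an assumed "<host> <message>" format; one line
# per asset type plus one benign line carrying a digit run that is not a PAN.
SAMPLE_LOGS = """\
web1 POST /checkout pan=4111111111111111 status=200
web1 GET /static/logo.png id=1234567890123 status=200
app1 debug: card=5500000000000004 cvv=123
db1 SELECT pan FROM card_table mode=plaintext
fw1 ACCEPT tcp 10.0.0.5:51022 -> 10.0.1.2:23
rtr1 admin login via telnet src=10.0.0.9
ids1 ALERT sid=1000001 msg="SQL injection attempt"
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates a real PAN from an unrelated run of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d >= 5 else d * 2
        total += d
    return total % 10 == 0


# Assumed detection rules: (regex, requirement number as numbered on the
# assessment slide, or None for an alert tied to no single requirement,
# label, whether the captured digits must pass the Luhn check).
RULES = [
    (re.compile(r"\b(?:pan|card|id)=(\d{13,19})\b"), 1, "card number written to log", True),
    (re.compile(r"\bcvv=\d{3,4}\b"), 1, "card validation value written to log", False),
    (re.compile(r"\bmode=plaintext\b"), 2, "cardholder data read unencrypted", False),
    (re.compile(r":23\b|\btelnet\b"), 13, "cleartext non-console admin access", False),
    (re.compile(r"\bALERT\b"), None, "IDS signature fired", False),
]


def retrieve_alerts(pci_id: int, raw_logs: str) -> list:
    """Log retrieval: attribute each line to a registered asset type, run the rules."""
    hosts = ASSET_REGISTER[pci_id]["hosts"]
    alerts = []
    for line in raw_logs.splitlines():
        host, _, msg = line.partition(" ")
        asset_type = hosts.get(host)
        if asset_type is None:
            continue  # host is not in this project's register: not our asset
        for rx, req, label, needs_luhn in RULES:
            m = rx.search(msg)
            if m and not (needs_luhn and not luhn_ok(m.group(1))):
                alerts.append((asset_type, req, label))
    return alerts


def radar_row(pci_id: int, raw_logs: str) -> dict:
    """Operations-radar row: per-asset alert rating, total alerts, violations."""
    reg = ASSET_REGISTER[pci_id]
    alerts = retrieve_alerts(pci_id, raw_logs)
    per_asset = Counter(a[0] for a in alerts)
    violated = sorted({req for _, req, _ in alerts if req is not None})
    return {
        "pci_id": pci_id, "impact": reg["impact"], "likelihood": reg["likelihood"],
        "alert_rating": {t: per_asset.get(t, 0) for t in set(reg["hosts"].values())},
        "radar_alerts": len(alerts),
        "policy_compliant": not violated,  # the dashboard's Y/N column
        "violations": violated,
    }


if __name__ == "__main__":
    for key, value in radar_row(123, SAMPLE_LOGS).items():
        print(f"{key:>16}: {value}")
```

The second web server line shows why the Luhn check matters: a 13-digit object identifier looks like a PAN to the regex alone, and without the checksum filter every such line would raise a false requirement 1 alert. Logs from hosts outside the project's register are dropped rather than scored, which is the same scoping the asset register slide implies.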
PCI Asset register

[Diagram: PCI compliance dashboard on the left; on the right, the logs retrieved for each PCI project ID.]

PCI compliance dashboard (asset register columns)

PCI ID  Asset  BU  Asset owner  Business impact  Likelihood  Policy compliance
123     Serv1  AG  Ben Gee      H                L           Y
124     Serv3  AG  Olu Gee      H                L           N
125     Serv4  AG  Mark Seal    H                L           Y
126     Serv5  AG  Olu Gee      H                L           N
127     Serv6  AG  Ray Ban      H                L           N
128     Serv7  AG  See More     H                L           Y
129     Serv8  AG  Olu Gee      H                L           Y
130     Serv9  AG  Cee Cee      H                L           Y

Logs retrieved per PCI project ID: Web server, Application server, Business logic server, Database server, Routers, Firewalls, IPS/IDS.

Each PCI project identifies its assets; each asset is assessed against policy compliance and monitored through the data transmitted via its logs.
PCI Audit

[Flow: Audit schedule -> Business units -> PCI projects -> PCI Assets -> PCI Policies compliance. Audit findings produce the Audit non-compliance report, which feeds the PCI compliance dashboard.]

Audit non-compliance report columns: BU, Asset, Asset owner, Business impact, Likelihood, Policy compliance, Non compliance, Risk rating.

PCI compliance dashboard columns: PCI ID, Asset, BU, Asset owner, Business impact, Likelihood, Policy compliance, Review date, Radar alerts, Audits, Risk register.
Project & business unit PCI assessment

[Flow: PCI related projects, and Business units with PCI related assets, complete the PCI risk assessment form against the 14 key PCI assessments (the list given under PCI assessment process above). Project, Business unit and Asset assessments yield a Risk rating, which feeds the PCI compliance dashboard (Business impact, Likelihood, Policy compliance, Review date) together with its Reports, Audits and Risk register.]
Contact details
Interested in PCI v2? Contact us




         For a pilot, email Ben Oguntala -
        info@riesgoriskmanagement.com

Pci V2

  • 4. Overview
    The PCI compliance dashboard and the PCI operations radar are fed by three kinds of assessment (business unit, project and asset), by the PCI log retrieval system and by the PCI asset register. Monitored asset types: web server, application server, business logic server, database server, firewalls, routers, IPS/IDS server.

    PCI asset register / compliance dashboard (sample rows as shown on the slide):

    PCI ID  Asset  BU  Owner      Likelihood  Business impact  Policy compliance  Review date
    123     Serv1  AG  Ben Gee    H           L                Y                  2/3/09
    124     Serv3  AG  Olu Gee    H           L                N                  2/3/09
    125     Serv4  AG  Mark Seal  H           L                Y                  2/3/09
    126     Serv5  AG  Olu Gee    H           L                N                  2/5/09
    127     Serv6  AG  Ray Ban    H           L                N                  2/3/09
    128     Serv7  AG  See More   H           L                Y                  2/3/09
    129     Serv8  AG  Olu Gee    H           L                Y                  2/3/09
    130     Serv9  AG  Cee Cee    H           L                Y                  2/3/09

    Radar alerts (violations detected from the logs, one row per PCI ID, counted across the monitored asset types):

    PCI ID  Likelihood  Business impact  Violations
    123     H           L                3, 3, 1, 5
    124     H           L                -
    125     H           L                -
    126     H           L                3, 3, 4, 1
    127     H           L                -
    128     H           L                -

    The dashboard also holds the risk register and the audit records (slides 9 and 10).

  • 5. PCI assessment process
    Assessment type (project, business unit or asset) -> PCI registration form -> PCI assessment against the 14 requirements below -> risk rating (L / M / H) -> PCI compliance dashboard and PCI risk register.

    The 14 key PCI assessments. Note for the reader: this list is the 14 requirements of the PA-DSS (the Payment Application Data Security Standard, aimed at payment software vendors), not the 12 requirements of the PCI DSS that the deck's introduction refers to; a merchant or service provider assessed against PCI DSS still has to cover the DSS controls that PA-DSS does not address.
    1. Do not retain full magnetic stripe, card validation code or value
    2. Protect stored cardholder data
    3. Provide secure authentication features
    4. Log payment application activity
    5. Develop secure payment applications
    6. Protect wireless transmissions
    7. Test payment applications to address vulnerabilities
    8. Facilitate secure network implementation
    9. Cardholder data must never be stored on a server connected to the Internet
    10. Facilitate secure remote software updates
    11. Facilitate secure remote access to payment application
    12. Encrypt sensitive traffic over public networks
    13. Encrypt all non-console administrative access
    14. Maintain instructional documentation and training programs for customers, resellers, and integrators

  • 6. PCI operations radar process
    Project details form: project name, project ID, project manager, description.
    Assets registered for the project, each with an asset owner and a log interface: web servers, business logic, firewalls, databases.
    The log interfaces feed the Riesgo log retrieval system. The radar shows one row per PCI ID (for example PCI ID 123: likelihood H, business impact L, violation counts 3, 3, 1, 5 across the monitored asset types: web server, application server, business logic server, database server, firewalls, routers, IPS/IDS server), and that row feeds the PCI compliance dashboard.

  • 7. PCI log retrieval system
    For each PCI project ID the system retrieves the web server log, application server log, business logic server log, database server log, router log, firewall log and IPS/IDS log, gives each finding an alert rating, and posts the result to the PCI operations radar row for that PCI ID (PCI ID, likelihood, business impact, violations per asset type).

  • 8. PCI asset register
    The register ties each PCI project ID to its assets and their logs (web server, application server, business logic server, database server, routers, firewalls, IPS/IDS) and records, per asset: PCI ID, asset, BU, owner, likelihood, business impact and policy compliance (Y/N). The sample rows are the same as the dashboard table on slide 4 (123 Serv1 through 130 Serv9). Each PCI project can therefore identify its assets and have them assessed both against policy compliance and against the data they actually transmit, as seen in their logs.

  • 9. PCI audit
    Inputs: business units, PCI projects, PCI assets, PCI policies -> audit schedule -> audit findings -> audit non-compliance report.
    Non-compliance report columns: asset, BU, owner, policy compliance, non-compliance, likelihood, business impact, risk rating.
    The report feeds the PCI compliance dashboard (risk register, radar alerts, audits); the audit view records PCI ID, asset, BU, owner, policy compliance, likelihood, business impact and review date.

  • 10. Project and business unit PCI assessment
    Business units with PCI-related projects and PCI-related assets complete the PCI risk assessment form against the 14 key PCI assessments (the same list as on slide 5). The output is a risk rating (likelihood, business impact, review date) that goes to the PCI reports, the risk register and the audits, and from there to the PCI compliance dashboard.
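The radar row on slides 4, 6 and 7 (PCI ID, likelihood, business impact, violation counts per asset type) is built from the retrieved logs. The script below is an added example, not Riesgo's code and not a description of its data formats: it models the asset register rows from the deck, scans constructed log lines for the cardholder data that requirements 1 and 2 above say must never be retained (full track data, card validation codes, unmasked PANs picked out with a Luhn check), rolls the hits up into a radar row, and compares the register's "policy compliant" flag with what the radar found. The log line formats, the regexes, the risk matrix and the function names are assumptions for the example; the two card numbers are published test PANs, not real cards.

```python
"""Added example of a PCI operations radar fed by log retrieval.

Not the product's code. Assumed for this example: the log line formats, the
regexes, the risk matrix and the function names. Register rows follow the
deck's sample table; the log lines are constructed; the card numbers are
published test PANs, not real cards.
"""
import re
from collections import Counter

# Asset register rows modelled on the deck (PCI ID, asset, BU, owner, policy
# compliance Y/N). Likelihood/impact are H/L for every row, as on the slide.
ASSET_REGISTER = [
    {"pci_id": 123, "asset": "Serv1", "bu": "AG", "owner": "Ben Gee", "compliant": True},
    {"pci_id": 124, "asset": "Serv3", "bu": "AG", "owner": "Olu Gee", "compliant": False},
    {"pci_id": 126, "asset": "Serv5", "bu": "AG", "owner": "Olu Gee", "compliant": False},
]

# Constructed log lines keyed by (PCI ID, asset type), standing in for what the
# log retrieval system would pull from each asset's log interface.
SAMPLE_LOGS = {
    (123, "web server"): [
        "GET /checkout?pan=4111111111111111&cvv=123 200",  # PAN and CVV in a URL
        "GET /order/8842 200",
        "POST /pay pan=411111******1111 200",            # masked PAN: acceptable
    ],
    (123, "application server"): [
        "DEBUG swipe=%B4111111111111111^DOE/JOHN^2512101?",  # full track 1 data
        "INFO order 8842 authorised",
    ],
    (123, "database server"): [
        'INSERT INTO orders VALUES (8842, "5555555555554444")',  # PAN stored in clear
    ],
    (124, "web server"): ["GET / 200", "GET /health 200"],
}

PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
# Track 1 starts "%B<PAN>^"; track 2 is "<PAN>=<YYMM>...".
TRACK_RE = re.compile(r"%B\d{13,19}\^|(?<!\d)\d{13,19}=\d{4}")
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid)\s*=\s*\d{3,4}\b", re.IGNORECASE)
# Assumed risk matrix: (likelihood, business impact) -> rating.
RISK_MATRIX = {("H", "H"): "H", ("H", "L"): "M", ("L", "H"): "M", ("L", "L"): "L"}


def luhn_ok(digits: str) -> bool:
    """Mod-10 check: tells card numbers apart from order IDs and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(line: str) -> list:
    """Violation types found in one log line (empty list when the line is clean)."""
    hits = []
    if TRACK_RE.search(line):
        hits.append("track_data")            # requirement 1: no full magnetic stripe
    if CVV_RE.search(line):
        hits.append("card_validation_code")  # requirement 1: no CVV2/CVC2/CID
    if any(luhn_ok(pan) for pan in PAN_RE.findall(line)):
        hits.append("unmasked_pan")          # requirement 2: stored PAN must be protected
    return hits


def radar_row(pci_id: int, likelihood: str, impact: str) -> dict:
    """Roll one project's log findings into a radar row like the deck's
    '123 H L 3 3 1 5': a violation count per monitored asset type."""
    per_asset = Counter()
    for (pid, asset_type), lines in SAMPLE_LOGS.items():
        if pid == pci_id:
            per_asset[asset_type] += sum(len(classify(line)) for line in lines)
    return {
        "pci_id": pci_id,
        "likelihood": likelihood,
        "impact": impact,
        "risk": RISK_MATRIX[(likelihood, impact)],
        "violations": dict(per_asset),
        "total": sum(per_asset.values()),
    }


def dashboard() -> list:
    """One row per register entry. 'conflict' is the case an auditor looks for:
    the register says policy-compliant but the radar found cardholder data."""
    rows = []
    for entry in ASSET_REGISTER:
        radar = radar_row(entry["pci_id"], "H", "L")
        rows.append({**entry, "risk": radar["risk"], "radar_violations": radar["total"],
                     "conflict": entry["compliant"] and radar["total"] > 0})
    return rows


if __name__ == "__main__":
    for row in dashboard():
        print(row)
```

Running it shows Serv1 (PCI ID 123) flagged as a conflict: the register says it is policy-compliant, yet its web, application and database logs together carry five cardholder-data violations. The Luhn check matters in practice: without it, every 13-to-19-digit order number or epoch timestamp in a log would be reported as a PAN and the radar would drown in false alerts.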