SlideShare une entreprise Scribd logo

Achieving PCI Compliance Long And Short Term Strategies 2009

J
Jason Edelstein
Technologie
1  sur  12
Télécharger pour lire hors ligne
Achieving PCI Compliance: Long and Short Term Strategies Murray Goldschmidt - CISSP, QSA PCI DSS Compliance Conference, 3 Dec 2009 1 www.senseofsecurity.com.au Tuesday, August 11, 2009
Overview 1. PCI Compliance - A Business or IT Issue? 2. The Key Elements of a Successful PCI DSS Compliance Assessment 3. Building a Roadmap to PCI DSS Compliance 4. Long and Short Term Strategies 5. Conclusion 2 www.senseofsecurity.com.au Thursday, December 3, 2009
Why is PCI DSS Seen as an IT Issue? Take a good look at the wording of the 12 core requirements: 3 www.senseofsecurity.com.au Thursday, December 3, 2009
PCI DSS Requirements Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management 5. Use and regularly update anti-virus software Program 6. Develop and maintain secure systems and applications Implement Strong Access Control 7. Restrict access to cardholder data by business need-to-know Measures 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security 12. Maintain a policy that addresses information security Policy 4 www.senseofsecurity.com.au Thursday, December 3, 2009
Why is PCI DSS Seen as an IT Issue? • Organisations often do not look beyond the 12 requirements before assigning PCI DSS compliance responsibilities • Therefore PCI DSS becomes an IT “project” • PCI DSS contains ~270 sub-requirements 5 www.senseofsecurity.com.au Thursday, December 3, 2009
PCI DSS is a Business Issue • PCI DSS is not a project and should not be treated as one – PCI DSS has no start or finish date – As with security in general, PCI DSS is an ongoing process – IT is a project based culture • PCI DSS addresses business risk, not IT risk – It requires people that understand the business and can align PCI DSS requirements with business risk – PCI DSS should be addressed at the business level via an organisation’s overall compliance framework • Cost of compliance sits with the business – Cost does not sit with an individual department – The risk to business and cost of non-compliance far exceed the implementation costs – Data compromise affects the entire organisation 6 www.senseofsecurity.com.au Thursday, December 3, 2009
Key Elements of a Successful Audit • PCI DSS is about policy, process and procedures – Technology provides the tools to help achieve the goal – PCI DSS is about more than just technical issues or finding technical solutions • Do not pass responsibility to the IT department – The scope and size of a PCI DSS audit is too much for one department – Spans other areas not under IT control • Obtain backing from the business – The lead for driving compliance must reside on the business side – Requires support from those that understand the business – The business must remain involved throughout the life of PCI DSS – Resources span departments and requires authority to assign these resources 7 www.senseofsecurity.com.au Thursday, December 3, 2009
Key Elements of a Successful Audit • Reduce your scope • Prioritise • PCI DSS requirements should not be addressed in isolation – Individual IT solutions create complex and unmanageable environments – There is no silver bullet – Manageability issues lead to security issues • Choose the right QSA – PCI DSS spans a vast number of disciplines – The QSA should have in-depth knowledge and experience in all areas • Remember: PCI DSS compliance is a snapshot of an organisation’s compliance at a single point in time – Compliance != Security – Ongoing adherence to process and procedures should ensure ongoing compliance 8 www.senseofsecurity.com.au Thursday, December 3, 2009
Roadmap to Compliance - Short Term • PCI DSS is based on security best practice • Prioritise – PCI DSS is a set of guidelines to reduce risk – Not all requirements are equal in size or complexity – PCI DSS Prioritised Approach • Reduce your scope, reduce your data – Where is the risk if there is nothing to steal? – Outsourcing: Why and why not • Protect your networks – Perimeter – Internal – Wireless • Lock and secure the front door – Payment applications access sensitive data 9 www.senseofsecurity.com.au Thursday, December 3, 2009
Roadmap to Compliance - Long Term • Monitor and control access – Who is accessing your data? • Protect stored data – How will you protect your data? – Stored and in transit • Ongoing policies, processes and procedures – PCI DSS is a process, not a project – If policy, process and procedures are followed, compliance can be maintained 10 www.senseofsecurity.com.au Thursday, December 3, 2009
Conclusion • PCI DSS addresses business risk and cannot be solved piecemeal with IT solutions • PCI DSS not a project, it is about policy and processes • Get backing from the business from day one • Reduce your scope • Prioritise • By applying good security practice and following established policy and procedures, the organisation can obtain not only PCI DSS compliance but also overall security 11 www.senseofsecurity.com.au Thursday, December 3, 2009
Thank You Questions? Murray Goldschmidt Sense of Security Pty Ltd murrayg@senseofsecurity.com.au Tel: +61 2 9290 4444 http://www.senseofsecurity.com.au 12 www.senseofsecurity.com.au Thursday, December 3, 2009

Recommandé

PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009Jason Edelstein
 
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinSecurity in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinMiriam L
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By DesignNalneesh Gaur
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationSyed Azher
 
IANS-2008
IANS-2008IANS-2008
IANS-2008Bob Radvanovsky
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionBen Rothke
 
Company Profile 2016_1
Company Profile 2016_1Company Profile 2016_1
Company Profile 2016_1Tarek Mekkawy
 

Recommandé

PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009Jason Edelstein
 
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinSecurity in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinMiriam L
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By DesignNalneesh Gaur
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationSyed Azher
 
IANS-2008
IANS-2008IANS-2008
IANS-2008Bob Radvanovsky
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionBen Rothke
 
Company Profile 2016_1
Company Profile 2016_1Company Profile 2016_1
Company Profile 2016_1Tarek Mekkawy
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBsGFI Software
 
___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---ScreenManuel Sanchez Lopez
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Oasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOpen Access Systems Corporation
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
Building The Framework For A Culture Of Security
Building The Framework For A Culture Of SecurityBuilding The Framework For A Culture Of Security
Building The Framework For A Culture Of Securitymguenther
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceTrend Micro
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesOllie Whitehouse
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentOllie Whitehouse
 
PCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a PunishmentPCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a PunishmentTripwire
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Directorate of Information Security | Ditjen Aptika
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...IJERA Editor
 
Computer Security Policy
Computer Security PolicyComputer Security Policy
Computer Security Policyeverestsky66
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...IBM India Smarter Computing
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...IBM India Smarter Computing
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterAnna Landolfi
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 

Contenu connexe

Tendances

The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
Building The Framework For A Culture Of Security
Building The Framework For A Culture Of SecurityBuilding The Framework For A Culture Of Security
Building The Framework For A Culture Of Securitymguenther
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceTrend Micro
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesOllie Whitehouse
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentOllie Whitehouse
 
PCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a PunishmentPCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a PunishmentTripwire
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...IJERA Editor
 
Computer Security Policy
Computer Security PolicyComputer Security Policy
Computer Security Policyeverestsky66
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...IBM India Smarter Computing
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...IBM India Smarter Computing
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterAnna Landolfi
 

Tendances (20)

Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
 
Oasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITIL
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
 
Building The Framework For A Culture Of Security
Building The Framework For A Culture Of SecurityBuilding The Framework For A Culture Of Security
Building The Framework For A Culture Of Security
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS Compliance
 
NCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory ServicesNCC Group C Suite Cyber Security Advisory Services
NCC Group C Suite Cyber Security Advisory Services
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat Assessment
 
PCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a PunishmentPCI: A Valuable Security Framework, Not a Punishment
PCI: A Valuable Security Framework, Not a Punishment
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
 
Computer Security Policy
Computer Security PolicyComputer Security Policy
Computer Security Policy
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...
 
Protect your critical business information with information security solution...
Protect your critical business information with information security solution...Protect your critical business information with information security solution...
Protect your critical business information with information security solution...
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR Compliance
 
IBM per la sicurezza del Datacenter
IBM per la sicurezza del DatacenterIBM per la sicurezza del Datacenter
IBM per la sicurezza del Datacenter
 

Similaire à Achieving PCI Compliance Long And Short Term Strategies 2009

Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
PCI-DSS explained
PCI-DSS explainedPCI-DSS explained
PCI-DSS explainedEdwin_Bos
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler HelpSystems
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
Best Practices for PCI Scope Reduction - TokenEx & Kyte
Best Practices for PCI Scope Reduction - TokenEx & KyteBest Practices for PCI Scope Reduction - TokenEx & Kyte
Best Practices for PCI Scope Reduction - TokenEx & KyteTokenEx
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as UsualControlCase
 
Pci dss in retail now and into the future
Pci dss in retail now and into the futurePci dss in retail now and into the future
Pci dss in retail now and into the futureVisionID
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...TokenEx
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security processUlf Mattsson
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptwebhostingguy
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptwebhostingguy
 

Similaire à Achieving PCI Compliance Long And Short Term Strategies 2009 (20)

Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
PCI-DSS explained
PCI-DSS explainedPCI-DSS explained
PCI-DSS explained
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dss
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
 
Best Practices for PCI Scope Reduction - TokenEx & Kyte
Best Practices for PCI Scope Reduction - TokenEx & KyteBest Practices for PCI Scope Reduction - TokenEx & Kyte
Best Practices for PCI Scope Reduction - TokenEx & Kyte
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as Usual
 
Pci dss in retail now and into the future
Pci dss in retail now and into the futurePci dss in retail now and into the future
Pci dss in retail now and into the future
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ...
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSS
 
PCI DSS for Pentesting
PCI DSS for PentestingPCI DSS for Pentesting
PCI DSS for Pentesting
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security process
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
 
Tizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.pptTizor_Data-Best-Practices.ppt
Tizor_Data-Best-Practices.ppt
 
PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS Compliance
 

Plus de Jason Edelstein

Sense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securitySense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securityJason Edelstein
 
Sense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsSense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsJason Edelstein
 
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsSense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsJason Edelstein
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007Jason Edelstein
 
Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Jason Edelstein
 
Virtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsVirtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsJason Edelstein
 
VoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate WorldVoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate WorldJason Edelstein
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0Jason Edelstein
 

Plus de Jason Edelstein (9)

Sense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securitySense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise security
 
Sense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsSense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated Environments
 
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsSense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007
 
Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009
 
Virtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsVirtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware Implementations
 
VoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate WorldVoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate World
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0
 

Dernier

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Dernier (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Achieving PCI Compliance Long And Short Term Strategies 2009

  • 1. Achieving PCI Compliance: Long and Short Term Strategies Murray Goldschmidt - CISSP, QSA PCI DSS Compliance Conference, 3 Dec 2009 1 www.senseofsecurity.com.au Tuesday, August 11, 2009
  • 2. Overview 1. PCI Compliance - A Business or IT Issue? 2. The Key Elements of a Successful PCI DSS Compliance Assessment 3. Building a Roadmap to PCI DSS Compliance 4. Long and Short Term Strategies 5. Conclusion 2 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 3. Why is PCI DSS Seen as an IT Issue? Take a good look at the wording of the 12 core requirements: 3 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 4. PCI DSS Requirements Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management 5. Use and regularly update anti-virus software Program 6. Develop and maintain secure systems and applications Implement Strong Access Control 7. Restrict access to cardholder data by business need-to-know Measures 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security 12. Maintain a policy that addresses information security Policy 4 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 5. Why is PCI DSS Seen as an IT Issue? • Organisations often do not look beyond the 12 requirements before assigning PCI DSS compliance responsibilities • Therefore PCI DSS becomes an IT “project” • PCI DSS contains ~270 sub-requirements 5 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 6. PCI DSS is a Business Issue • PCI DSS is not a project and should not be treated as one – PCI DSS has no start or finish date – As with security in general, PCI DSS is an ongoing process – IT is a project based culture • PCI DSS addresses business risk, not IT risk – It requires people that understand the business and can align PCI DSS requirements with business risk – PCI DSS should be addressed at the business level via an organisation’s overall compliance framework • Cost of compliance sits with the business – Cost does not sit with an individual department – The risk to business and cost of non-compliance far exceed the implementation costs – Data compromise affects the entire organisation 6 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 7. Key Elements of a Successful Audit • PCI DSS is about policy, process and procedures – Technology provides the tools to help achieve the goal – PCI DSS is about more than just technical issues or finding technical solutions • Do not pass responsibility to the IT department – The scope and size of a PCI DSS audit is too much for one department – Spans other areas not under IT control • Obtain backing from the business – The lead for driving compliance must reside on the business side – Requires support from those that understand the business – The business must remain involved throughout the life of PCI DSS – Resources span departments and requires authority to assign these resources 7 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 8. Key Elements of a Successful Audit • Reduce your scope • Prioritise • PCI DSS requirements should not be addressed in isolation – Individual IT solutions create complex and unmanageable environments – There is no silver bullet – Manageability issues lead to security issues • Choose the right QSA – PCI DSS spans a vast number of disciplines – The QSA should have in-depth knowledge and experience in all areas • Remember: PCI DSS compliance is a snapshot of an organisation’s compliance at a single point in time – Compliance != Security – Ongoing adherence to process and procedures should ensure ongoing compliance 8 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 9. Roadmap to Compliance - Short Term • PCI DSS is based on security best practice • Prioritise – PCI DSS is a set of guidelines to reduce risk – Not all requirements are equal in size or complexity – PCI DSS Prioritised Approach • Reduce your scope, reduce your data – Where is the risk if there is nothing to steal? – Outsourcing: Why and why not • Protect your networks – Perimeter – Internal – Wireless • Lock and secure the front door – Payment applications access sensitive data 9 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 10. Roadmap to Compliance - Long Term • Monitor and control access – Who is accessing your data? • Protect stored data – How will you protect your data? – Stored and in transit • Ongoing policies, processes and procedures – PCI DSS is a process, not a project – If policy, process and procedures are followed, compliance can be maintained 10 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 11. Conclusion • PCI DSS addresses business risk and cannot be solved piecemeal with IT solutions • PCI DSS not a project, it is about policy and processes • Get backing from the business from day one • Reduce your scope • Prioritise • By applying good security practice and following established policy and procedures, the organisation can obtain not only PCI DSS compliance but also overall security 11 www.senseofsecurity.com.au Thursday, December 3, 2009
  • 12. Thank You Questions? Murray Goldschmidt Sense of Security Pty Ltd murrayg@senseofsecurity.com.au Tel: +61 2 9290 4444 http://www.senseofsecurity.com.au 12 www.senseofsecurity.com.au Thursday, December 3, 2009