PCI-DSS: Israeli Market and Challenges

Shahar Geiger Maor
CISSP, Senior Analyst, STKI
www.shaharmaor.blogspot.com

Shahar Maor’s work, Copyright 2010 @STKI. Do not remove source or attribution from any graphic or portion of graphic.

(Title-slide diagram: a small-merchant cardholder-data environment, with POS terminals, PIN pads, a POS server, a DSL router and the network, a 3rd-party scan vendor and the merchant’s policies, and the twelve PCI DSS requirements (Requirement 1 through Requirement 12) listed alongside the components they cover.)
Presentation’s Agenda

• A short review of the Israeli market
• The idea behind PCI DSS
• PCI trends and challenges
Information Security: Israeli Market Size (M$)

                    2009    change    2010    change    2011    change    2012
Security Software   85.0   +23.53%   105.0    +4.76%   110.0    +9.09%   120.0
GRC & BCP           50.0   +50.00%    75.0    +9.33%    82.0    +9.76%    90.0
Security VAS        85.0   +11.76%    95.0    +8.42%   103.0    +6.80%   110.0
Totals             220.0   +25.00%   275.0    +7.27%   295.0    +8.47%   320.0

(“change” is year-over-year growth relative to the column to its left; the deck dates from 2010, so the 2011 and 2012 figures are projections.)
What’s on the CISO’s Agenda? (STKI Index 2009)

(Pie chart: share of CISO attention by topic)
• NAC: 18%
• Access/Authentication: 15%
• EPS/mobile: 15%
• DLP: 10%
• DB/DC SEC: 10%
• Market/Trends: 10%
• Encryption: 9%
• SIEM/SOC: 5%
• Sec Tools: 5%
• Miscellaneous: 5%
What’s on the PCI DSS Agenda?

Control objectives and the PCI DSS requirements under each:

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software on all systems commonly affected by malware
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security
What’s on the CISO’s Agenda? (STKI Index 2009), mapped onto PCI DSS

(The same pie chart, with its slices grouped under the PCI DSS control objectives: Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, Maintain an Information Security Policy. The chart shows that nearly every item on the 2009 CISO agenda already falls under a PCI DSS control objective.)
What’s on the CISO’s Agenda? (STKI Index 2009), Protect Cardholder Data

(The same pie chart once more, with only the Protect Cardholder Data objective highlighted, leading into the Requirement 3 discussion below.)
Presentation’s Agenda (section 2 of 3): The idea behind PCI DSS
What is the Incentive?

(Chart of data loss incidents over time.)
Source: http://datalossdb.org/statistics?timeframe=all_time
What is the Incentive?

• 2,754 data loss incidents
• 396 (35%) credit-card related data loss incidents
• Hack (48%): how?
• 297,704,392 CCNs compromised
• 751,779 CCNs per incident
• ? Actual $$$ loss…

Source: http://datalossdb.org/statistics?timeframe=all_time (2000-2010)
Data Loss Analysis: Answering the “How?” Question

(Horizontal bar chart: breach vector on the vertical axis, share of incidents from 0% to 60% on the horizontal axis, two series: General (all incidents) and CCN (credit-card-number incidents). Vectors shown: Hack, Fraud, Lost/Stolen, Web, Unknown, Disposal/Document, Email, Virus.)

Source: http://datalossdb.org/statistics?timeframe=all_time (2000-2010)
Who’s Who

PCI Council (by the PCI DSS):
  • outlined the MINIMUM data security protection measures for payment card data
  • defined merchant and service-provider levels and compliance validation requirements (strictly, the Council publishes the standard and the validation instruments; the levels and validation deadlines themselves are set by each card brand)

Card brands (the PCI regime):
  • initiated PCI DSS
  • will enforce PCI
Who’s Who

(Diagram positioning merchants and service providers within the PCI regime.)
PCI DSS

• PCI: Payment Card Industry
• DSS: Data Security Standard
PCI DSS (in other words…)

(Graphic only.)
Presentation’s Agenda (section 3 of 3): PCI trends and challenges
Israeli PCI: Market Status (May 2010)

(Diagram: Israeli sectors placed along a PCI maturity path.) The path runs:
PCI “newborns” → gap analysis → PCI work plan (prioritized approach?) → 1-4 milestones → 4+ milestones → PCI compliance
(“milestones” refers to the PCI SSC Prioritized Approach, which splits the requirements into six milestones.)

Sectors, roughly from least to most advanced along that path: Healthcare, Telco/Services, Financial, Retail/Wholesale/Manufacturing.
PCI Challenges: Requirement No 3

(The control-objective / requirements table from “What’s on the PCI DSS Agenda?” is repeated here, with Requirement 3, “Protect stored cardholder data”, highlighted.)
PCI Challenges: Requirement No 3

R 3.3:
  • Masking: mask the PAN (Primary Account Number) when displayed (the first six and last four digits are the maximum number of digits to be displayed).

R 3.4 (render the stored PAN unreadable using one of the following):
  • Index tokens: a cryptographic token that replaces the PAN, based on a given index for an unpredictable value (the index/pads must be securely stored).
  • One-way hashes based on strong cryptography.
  • Truncation: only a portion (not to exceed the first six and last four digits) of the PAN is stored.
  • Strong cryptography with associated key-management processes and procedures.
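As an added illustration (not code from the original deck), the Python sketch below implements each of the Requirement 3.3/3.4 rendering options on a constructed sample PAN and then demonstrates the caveat a practitioner needs: a bare one-way hash is only as strong as the candidate space, so if a truncated PAN and an unsalted hash of the same PAN are both available, the six missing digits fall to exhaustive search (PCI DSS version 2.0 later added exactly this warning as a note to Requirement 3.4). The sample number is the well-known Visa test number 4111 1111 1111 1111, not a real card; the TokenVault class, the key values and the function names are assumptions for illustration, not a PCI-defined API.

```python
"""Requirement 3.3 / 3.4 rendering options for a PAN, plus the check that
shows why an unsalted hash and a truncated copy of the same PAN must not
coexist. Added illustration; not code from the original deck."""
import hashlib
import hmac
import secrets

# Constructed sample: the well-known Visa test number, not a real card.
SAMPLE_PAN = "4111111111111111"


def luhn_ok(pan: str) -> bool:
    """Mod-10 (Luhn) check-digit validation used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """R3.3: show at most the first six and last four digits on screen.
    The full PAN still exists in storage; masking is a display control."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> tuple:
    """R3.4 truncation: persist only the first six and last four digits.
    Unlike masking, the middle digits are discarded, not hidden."""
    return pan[:6], pan[-4:]


def hash_pan_unsalted(pan: str) -> str:
    """Bare one-way hash. Deterministic, so its strength is bounded by how
    many candidate PANs an attacker must try (see recover_pan below)."""
    return hashlib.sha256(pan.encode()).hexdigest()


def hash_pan_keyed(pan: str, key: bytes) -> str:
    """One-way hash bound to a secret key (HMAC-SHA256). Without the key an
    attacker cannot run the search, so protecting the key (R3.5, R3.6) is
    now the control that matters."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """Index-token illustration (assumed design, not a PCI-defined API):
    a random surrogate replaces the PAN everywhere downstream, and the only
    way back is this lookup table, which stays inside PCI scope."""

    def __init__(self) -> None:
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        token = secrets.token_hex(8)  # unpredictable; no relation to the PAN
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


def recover_pan(first6: str, last4: str, unsalted_digest: str,
                pan_len: int = 16) -> str:
    """Attacker's view: given a truncated PAN and the unsalted hash of the
    same PAN, exhaust the missing middle digits (at most 10**6 SHA-256
    calls for a 16-digit PAN) and return the full PAN, or "" if none match."""
    missing = pan_len - 10
    for middle in range(10 ** missing):
        candidate = f"{first6}{middle:0{missing}d}{last4}"
        if hashlib.sha256(candidate.encode()).hexdigest() == unsalted_digest:
            return candidate
    return ""


if __name__ == "__main__":
    print("display  :", mask_pan(SAMPLE_PAN))
    print("stored   :", truncate_pan(SAMPLE_PAN))
    first6, last4 = truncate_pan(SAMPLE_PAN)
    print("recovered:", recover_pan(first6, last4, hash_pan_unsalted(SAMPLE_PAN)))
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    print("token    :", token, "->", vault.detokenize(token))
```

The search in recover_pan needs at most a million hash calls for a 16-digit PAN (a billion for a 19-digit one), which is seconds to minutes on commodity hardware, so "one-way hash" alone does not satisfy the intent of 3.4 when truncated PANs, receipts or masked displays expose the outer digits. A keyed hash or a vault token removes the search entirely, but both relocate the risk to the key or the vault, which is why the key-management bullet in 3.4 and requirements 3.5/3.6 are part of the same control.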
PCI Challenges: The “New Trend Syndrome”

(Graphic only.)
PCI Challenges: End-User Experience

• System heterogeneity: sensitive data is scattered around in all sorts of formats.
• Mainframe and other legacy systems: how is it possible to protect sensitive data without changing the source code?
• What happened to risk management??? (PCI vs. SOX)
PCI Challenges: End-User Experience 2

• “My DB does not support PCI”: the “upgrade vs. pay the fine” dilemma.
• “Index token is cheaper than other alternatives”: true or false?
• Inadequate knowledge of the QSAs?
• Who audits the auditors?
  (The last two should be answered by the PCI Council.)
PCI Challenges: The PCI Paradox

(Cycle diagram:)
PCI compliance → one security patch is missing → a data loss incident occurs… → an investigation starts → “remember that security patch?” → back to the start

The paradox: compliance is a point-in-time finding, so an organization validated as compliant can still be breached and then, in the post-incident investigation, be found non-compliant at the moment of the breach.
Conclusions and Opportunities

• Need a house cleaning? PCI can help.
• PCI is basic security. Almost nothing new here…
• Think “security & risk” instead of “compliance & audit”.
• PCI (and other regulations) are the “floor”, not the “ceiling”, of security measures.
• Stop waiting! Act now (…but not before 11.7.2010).
Thank you!
shahar@stki.info

Trends in the Israeli Infrastructure Services/STKI Summit -Update June 2008
 
Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008Green IT Trends in Israel July 2008
Green IT Trends in Israel July 2008
 
Round Tables Summary
Round Tables SummaryRound Tables Summary
Round Tables Summary
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Dernier (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

PCI Challenges

  • 1. PCI-DSS: Israeli Market and Challenges
      [Title diagram: POS Terminals, PIN Pads, DSL Router, Network, POS Server, Policies and a 3rd Party Scan Vendor, set against Requirements 1 to 12]
      Shahar Geiger Maor, CISSP, Senior Analyst, STKI
      www.shaharmaor.blogspot.com
      Shahar Maor’s work Copyright 2010 @STKI. Do not remove source or attribution from any graphic or portion of graphic.
  • 2. Presentation’s Agenda
      A short review of the Israeli market
      The idea behind PCI DSS
      PCI trends and challenges
  • 3. Information Security: Israeli Market Size (M$)
                          2009   changes   2010   changes   2011   changes   2012
      Security Software   85.0    23.53%  105.0     4.76%  110.0     9.09%  120.0
      GRC & BCP           50.0    50.00%   75.0     9.33%   82.0     9.76%   90.0
      Security VAS        85.0    11.76%   95.0     8.42%  103.0     6.80%  110.0
      Totals             220.0    25.00%  275.0     7.27%  295.0     8.47%  320.0
  • 4. What’s on the CISO’s Agenda? (STKI Index 2009)
      [Pie chart. Categories: Sec Tools, SIEM/SOC, Miscellaneous, NAC, Encryption, Access/Authentication, Market/Trends, DB/DC SEC, EPS/mobile, DLP. Shares shown: 18%, 15%, 15%, 10%, 10%, 10%, 9%, 5%, 5%, 5%]
  • 5. What’s on the PCI DSS Agenda?
      Control Objectives and PCI DSS Requirements:
      Build and Maintain a Secure Network
        1. Install and maintain a firewall configuration to protect cardholder data
        2. Do not use vendor-supplied defaults for system passwords and other security parameters
      Protect Cardholder Data
        3. Protect stored cardholder data
        4. Encrypt transmission of cardholder data across open, public networks
      Maintain a Vulnerability Management Program
        5. Use and regularly update anti-virus software on all systems commonly affected by malware
        6. Develop and maintain secure systems and applications
      Implement Strong Access Control Measures
        7. Restrict access to cardholder data by business need-to-know
        8. Assign a unique ID to each person with computer access
        9. Restrict physical access to cardholder data
      Regularly Monitor and Test Networks
        10. Track and monitor all access to network resources and cardholder data
        11. Regularly test security systems and processes
      Maintain an Information Security Policy
        12. Maintain a policy that addresses information security
  • 6. What’s on the CISO’s Agenda? (STKI Index 2009)
      [The pie chart of slide 4, annotated with the six PCI DSS control objectives (Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, Maintain an Information Security Policy) placed over the matching CISO agenda categories]
  • 7. What’s on the CISO’s Agenda? (STKI Index 2009)
      [The pie chart of slide 4, with the Protect Cardholder Data objective highlighted]
  • 8. Presentation’s Agenda
      A short review of the Israeli market
      The idea behind PCI DSS
      PCI trends and challenges
  • 9. What is the Incentive?
      [Chart. Source: http://datalossdb.org/statistics?timeframe=all_time]
  • 10. What is the Incentive?
      2,754: data loss incidents
      396 (35%): credit-card related data loss
      Hack (48%): how?
      297,704,392: CCNs compromised
      751,779: CCNs per incident
      ?: actual $$$ loss…
      Source: http://datalossdb.org/statistics?timeframe=all_time (2000-2010)
  • 11. Data Loss Analysis: Answering the “How?”
      [Bar chart of incident causes: Hack, Fraud, Lost/Stolen, Web, General, Unknown, Disposal_Document, Email, Virus; x-axis 0% to 60%. Source: http://datalossdb.org/statistics?timeframe=all_time (2000-2010)]
  • 12. Who’s Who
      PCI Council (by the PCI DSS):
        outlined the MINIMUM data security protection measures for payment card data
        defined merchants’ and service providers’ levels and compliance validation requirements
      Card brands (PCI Regime):
        initiated PCI DSS
        will enforce PCI
  • 13. Who’s Who
      [Diagram: merchants and service providers]
  • 14. PCI DSS
      Payment Card Industry (Data Security) Data Security Standard
  • 15. PCI DSS (in other words…)
      [Image]
  • 16. Presentation’s Agenda
      A short review of the Israeli market
      The idea behind PCI DSS
      PCI trends and challenges
  • 17. Israeli PCI: Market Status (May 2010)
      [Diagram. Sectors: Retail/Wholesale/Manufacturing, Financial, Telco/Services, Healthcare. PCI compliance stages: PCI “Newborns”, Gap Analysis, PCI work plan (Prioritized Approach?), 1-4 Milestones, 4+ Milestones]
  • 18. PCI Challenges: Requirement No 3
      [The control objectives and requirements table of slide 5, shown again under this title]
  • 19. PCI Challenges: Requirement No 3
      [The control objectives and requirements table of slide 5, shown again under this title]
  • 20. PCI Challenges: Requirement No 3
      R 3.3:
        Masking: mask the PAN (Primary Account Number) when displayed (the first six and last four digits are the maximum number of digits to be displayed).
      R 3.4:
        Index token: a cryptographic token that replaces the PAN, based on a given index for an unpredictable value.
        One-way hashes based on strong cryptography.
        Truncation: only a portion (not to exceed the first six and last four digits) of the PAN is stored.
        Strong cryptography with associated key management processes.
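The four Requirement 3 techniques listed on slide 20 in working form. This is an added example, not code from the original deck or from STKI: masking for display (R 3.3), truncation for storage, a one-way hash, and an index-token vault (R 3.4). Assumptions made here and not stated on the slide: the one-way hash is implemented as an HMAC-SHA256 keyed with a secret held outside the database, so the digest alone cannot be brute-forced across the PAN space; the index token is a random 128-bit value with the PAN-to-token mapping kept only in the vault; the PAN 4111 1111 1111 1111 is a constructed, Luhn-valid test number, not real cardholder data.

```python
"""PCI DSS Requirement 3.3 / 3.4 techniques: mask, truncate, hash, tokenize.
Added example (not the deck's own material). The key and the vault
contents would themselves be protected assets in a real deployment."""
import hashlib
import hmac
import re
import secrets

PAN_RE = re.compile(r"^\d{13,19}$")


def normalize_pan(pan: str) -> str:
    """Strip spaces/dashes and reject anything that is not 13-19 digits."""
    digits = re.sub(r"[ -]", "", pan)
    if not PAN_RE.match(digits):
        raise ValueError("PAN must be 13-19 digits")
    return digits


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation; used only to reject mistyped PANs early."""
    total = 0
    for i, ch in enumerate(reversed(normalize_pan(pan))):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """R 3.3 (display): at most the first six and last four digits are visible."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def truncate_pan(pan: str) -> str:
    """R 3.4 (storage): keep only first six and last four. Unlike masking,
    the middle digits are discarded, not hidden, so they cannot be recovered."""
    digits = normalize_pan(pan)
    return digits[:6] + digits[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """R 3.4 one-way hash. Design choice of this example: a keyed HMAC rather
    than a bare SHA-256, because the unknown part of a PAN is only ~10 digits
    and an unkeyed digest could be brute-forced offline from a truncated copy."""
    digits = normalize_pan(pan)
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """R 3.4 index token: an unpredictable value stands in for the PAN.
    The token is random (not derived from the PAN), so it carries no card
    information; only this vault can map it back, which is why the vault
    stays in PCI scope while systems holding only tokens can leave it."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        digits = normalize_pan(pan)
        if digits in self._token_by_pan:      # same PAN always gets the same token
            return self._token_by_pan[digits]
        token = secrets.token_hex(16)          # 128 random bits, hex encoded
        self._pan_by_token[token] = digits     # assumption: vault storage is itself encrypted
        self._token_by_pan[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault (an access-controlled, logged component) may call this."""
        return self._pan_by_token[token]


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"              # constructed Luhn-valid test number
    key = secrets.token_bytes(32)            # in practice: from a key-management system
    vault = TokenVault()
    print("luhn     :", luhn_ok(pan))
    print("masked   :", mask_pan(pan))
    print("truncated:", truncate_pan(pan))
    print("hashed   :", hash_pan(pan, key))
    print("token    :", vault.tokenize(pan))
```

The point the slide's list does not make explicit: masking is a presentation control and leaves the full PAN in storage, whereas truncation, hashing and tokenization change what is stored, and of those only the token vault (and encrypted storage under R 3.4's key management) can return the original PAN when the business needs it.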
  • 21. PCI Challenges: The “New Trend Syndrome”
      [Image]
  • 22. PCI Challenges: End-User Experience
      System heterogeneity: sensitive data is scattered around in all sorts of formats.
      Main-Frame and other legacy systems: how is it possible to protect sensitive data without changing the source code?
      What happened to risk management??? (PCI vs. SOX)
  • 23. PCI Challenges: End-User Experience 2
      “My DB does not support PCI”: the “upgrade vs. pay the fine” dilemma.
      “Index token is cheaper than other alternatives”: true or false?
      Inadequate knowledge of the QSAs?
      Who audits the auditors?
      (The last two should be answered by the PCI Council.)
  • 24. PCI Challenges: The PCI Paradox
      [Cycle diagram: PCI compliance; a data loss incident occurs…; an investigation starts; “Remember that security patch?”; 1 security patch is missing; back to PCI compliance]
  • 25. Conclusions and Opportunities
      Needs a house cleaning? PCI can help.
      PCI is basic security. Almost nothing new here…
      Think “security & risk” instead of “compliance & audit”.
      PCI (and other regulations) are the “floor” and not the “ceiling” of security measures.
      Stop waiting! Act now (…but not before 11.7.2010).
  • 26. Thank you!
      shahar@stki.info