PCI DSS - Security and Compliance Taking On the World
Australian Computer Society, Inc.
Event Name: Information Security SIG - PCI DSS - Security and Compliance Taking On the World
Event Date: 27 October 2009
Added: October 27, 2009
Category: Education
License: All Rights Reserved
Views: 368

Presentation Transcript

Shearwater Solutions: Protecting your Information Assets. ACS Security SIG, Stephan Overbeek, 27 October 2009
Agenda
Securing credit card transactions
PCI DSS – History: Visa / Mastercard; AIS; CISP; SDP; PCI
Purpose of PCI = Protect cardholder data
Payments – Stakeholders and parties: Merchant; Customer; Acquiring bank; Issuing bank; Various other parties
Stakeholders
Applicability of PCI DSS: Merchant; Customer; Acquiring bank; Issuing bank; Various other parties; Service providers
Credit card lifecycle: Processing; Capture; Storage; Cardholder data; Disposal; Transmit; Customer; Merchant; Acquirer
PCI-SSC website: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
Minimising storage and protecting stored data (two slides)
PCI SSC – Three standards: Manufacturers; PCI PTS – Payment Transaction Security
Complying with PCI DSS: PCI’s twelve requirements
Complying with PCI DSS – example: So organisations need to comply with 211 requirements, and auditors need to conduct 261 testing procedures
Validation requirements
Validation versus Compliance: At all times, you need to comply with all 211 requirements in PCI DSS!
Determining level (for merchants, example)
What if you do not validate compliance? (four slides)
PCI remediation and compliance – Three phases: PCI pre-review assessment; Remediation; PCI on-site review by QSA
Remediation models
Remediation for PCI DSS: Shearwater’s Layered Remediation Model – Physical security; Systems security; Network security; Storage security; Application security; Management; Documentation; Layered design; Identity and access management
Layered design (two slides)
Implementation – step 1
Implementation – step 2
Implementation – step 3
PCI SSC’s Prioritised Approach
Prioritised Approach
PCI DSS for increased security (three slides)
Alternatives for PCI DSS
Total PCI offering: PCI auditing services; PCI consulting services; Network security scan (Shearwater is not an ASV); On-site review (QSA); SAQ assistance; Network vulnerability scanning; Network penetration testing; Pre-review assessment; Remediation; Security design; Forensics
Contact details