Getting Ready for PCI DSS 3.0

Posted on 08-Feb-2017


Getting Ready for PCI DSS 3.0: Testing Your Assessment Readiness

Kurt Hagerman, Chief Information Security Officer

Today’s Speakers

Kurt Hagerman, Chief Information Security Officer

Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications, which allows FireHost customers to achieve their own compliance requirements more easily. He regularly speaks and writes on information security topics in the payments and healthcare spaces, as well as on cloud security.

Testing Your Assessment Readiness

Agenda

• The Burden of Compliance
• Recent Breaches
• Testing Your Readiness
• 6-Point Final PCI Checklist
• Questions & Answers

The Burden of Compliance

• Organizations lack the required resources: budget, FTEs, technology
• Sophisticated hackers
• Complex and evolving data regulations


Recent Breaches

(Timeline slide covering December 2013 through October 2014. The month markers shown on the timeline were 12/13, 01/14, 04/14, 05/14, 06/14, 07/14, 08/14, 08/14, 09/14, 09/14 and 10/14; the slide's layout pairing each marker with an event is not recoverable from the transcript, so the events are listed here in the order they appear.)

• 110 million customers' credit card and personal data stolen
• Exposed names, addresses, emails and payment card details
• 145 million users' passwords affected
• 1.1 million customers' credit and debit card data stolen
• 3 million customers' credit and debit card data stolen
• 60 million customers' credit card data stolen
• 180 Southern California stores hit
• JP Morgan suffers data breach affecting 76 million customers
• Social Security numbers and personal data of 4.5 million people
• 4.93 million Gmail user names and passwords published
• Customer data theft from 33 locations
• Who's next?

Your PCI Assessment Readiness

Final control checklist:

• Run through controls
• Identify and correct remaining control gaps
• Confirm documents meet 3.0 requirements
• Prepare for 2015 audit

Checkpoint #1: Scoping

• Review Cardholder Data Environment (CDE)
• Check accuracy of diagrams and inventory
• Cover people, process and technology

Checkpoint #2: Validating

• Test systems to prove data is where it belongs
• Review the results of your previous evaluations

Checkpoint #3: Documentation

• Inventory of all CDE components
• Data flow and network diagrams
• Pen test and other results
• Policies that reflect PCI requirements
• Procedures that carry out those policies

Checkpoint #4: Third-Party Providers

• Review list of service providers
• Did they undergo their own PCI assessment?
• Understand and define roles and responsibilities

Checkpoint #5: Your Compliance Culture

• Providers
• Partners
• Staff

Checkpoint #6: Audit Readiness

Preparation is the key to faster, easier audits.

Questions & Answers

To see the complete Getting Ready for PCI 3.0 webinar series, please visit www.firehost.com/new-pci


Thank You

Kurt Hagerman, Chief Information Security Officer
Email: kurt.hagerman@firehost.com
Phone: 877 262 3473 x8073