
Getting Ready for PCI DSS 3.0

Date post: 08-Feb-2017
Upload: armor
Getting Ready for PCI DSS 3.0: Testing Your Assessment Readiness. Kurt Hagerman, Chief Information Security Officer
Transcript
Page 1: Getting Ready for PCI DSS 3.0

Getting Ready for PCI DSS 3.0: Testing Your Assessment Readiness

Kurt Hagerman
Chief Information Security Officer

Page 2: Getting Ready for PCI DSS 3.0

Today’s Speakers

Kurt Hagerman
Chief Information Security Officer

Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications, which allows FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces as well as on cloud security.

Testing Your Assessment Readiness

Page 3: Getting Ready for PCI DSS 3.0

Agenda
• The Burden of Compliance
• Recent Breaches
• Testing Your Readiness
• 6-Point Final PCI Checklist
• Questions & Answers

Page 4: Getting Ready for PCI DSS 3.0

The Burden of Compliance

Organizations lack the required resources
• Budget
• FTEs
• Technology

Sophisticated hackers

Complex & evolving data regulations

Page 5: Getting Ready for PCI DSS 3.0

[Timeline graphic of recent breaches. Dates shown: 12/13, 01/14, 04/14, 05/14, 06/14, 07/14, 08/14, 09/14, 10/14. Captions on the graphic:]

• 110 million customers’ credit card and personal data stolen
• Exposed names, addresses, emails & payment card details
• 145 million users’ passwords affected
• 1.1 million customers’ credit and debit card data stolen
• 3 million customers’ credit and debit card data stolen
• 60 million customers’ credit card data stolen
• 180 Southern California stores hit
• JP Morgan suffers data breach affecting 76 million customers
• Social Security #s & personal data of 4.5 million people
• 4.93 million Gmail user names and passwords published
• Customer data theft from 33 locations

Who’s Next?

Page 6: Getting Ready for PCI DSS 3.0

Your PCI Assessment Readiness

Final control checklist:
• Run through controls
• Identify & correct remaining control gaps
• Confirm documents meet 3.0 requirements
• Prepare for 2015 audit

Page 7: Getting Ready for PCI DSS 3.0

Checkpoint #1: Scoping

Review Cardholder Data Environment (CDE)

Check accuracy of diagrams and inventory

People, Process, Technology

Page 8: Getting Ready for PCI DSS 3.0

Checkpoint #2: Validating

• Test systems to prove data is where it belongs
• Review the results of your previous evaluations

Page 9: Getting Ready for PCI DSS 3.0

Checkpoint #3: Documentation

• Inventory of all CDE components
• Data flow and network diagrams
• Pen test and other results
• Policies that reflect PCI requirements
• Procedures that carry out those policies

Page 10: Getting Ready for PCI DSS 3.0

Checkpoint #4: Third-Party Providers

• Review list of service providers
• Did they undergo their own PCI assessment?
• Understand and define roles & responsibilities

Page 11: Getting Ready for PCI DSS 3.0

Checkpoint #5: Your Compliance Culture

Providers, Partners, Staff

Page 12: Getting Ready for PCI DSS 3.0

Checkpoint #6: Audit Readiness

Preparation is the key to faster, easier audits.

Page 13: Getting Ready for PCI DSS 3.0

Questions & Answers

To see the complete Getting Ready for PCI 3.0 webinar series, please visit www.firehost.com/new-pci

Page 14: Getting Ready for PCI DSS 3.0

Thank You

Kurt Hagerman
Chief Information Security Officer
Email: [email protected]
Phone: 262 3473 x8073

