How to Achieve PCI Compliance with an Enterprise Job Scheduler

Date post: 17-Jul-2015
Upload: helpsystems-llc
How to Achieve PCI Compliance with an Enterprise Job Scheduler © HelpSystems. Company Confidential. All trademarks and registered trademarks contained herein are the property of their respective owners.
Transcript

© HelpSystems 3/9/2015

Pat Cameron, Director of Automation Technology

Compliance and Automation

Robin Tatam, CISM, Director of Security Technologies

Today’s Agenda

• PCI Security Standards
  – What is PCI?
  – PCI Requirements
• Job Scheduler
  – How can automation help?
  – Secure systems
  – Documentation
  – System availability

What is PCI?

Overview of PCI

• What is PCI DSS?
  – Payment Card Industry (PCI) Data Security Standard (DSS)
    • Developed to encourage and enhance cardholder data security
    • Facilitates the broad adoption of consistent data security measures globally
  – PCI DSS Requirements & Security Assessment Procedures
    • Uses the 12 PCI DSS requirements as its foundation
    • Combines them with corresponding testing procedures
  – Designed for use by assessors conducting on-site reviews for:
    • Merchants
    • Service providers

Who must comply with PCI DSS?

• Each card issuing brand has its own set of validation & reporting requirements:
  – Any entity that stores, processes, and/or transmits cardholder data must comply with PCI DSS
  – Entities may include but are not limited to:
    • Merchants
    • Service providers

PCI = 3yr Lifecycle

[Figure: lifecycle timeline of KEY DATES, labelled JANUARY 1, ALL YEAR, NOVEMBER, DECEMBER 31, APRIL-AUGUST, NOVEMBER-APRIL, MAY-JULY, NOVEMBER]

Best practices for v3 become requirements June 2015

V3 = More Clarity and Guidance

The 12 Requirements of PCI DSS

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel

Requirement #6

• Develop and maintain secure systems and applications
  – Change control
  – Development and test separate from production
  – Control access to production systems
  – Database replication for disaster recovery

Requirement #6

Control access to production systems

High Availability option

Requirement #7

• Restrict access to cardholder data by business need-to-know
  – Limit access to system components and cardholder data
  – Establish access control for systems with multiple users

Requirement #7

Limit access to system components

Limit access for multiple users

Requirement #10

• Track and monitor all access to network resources and cardholder data
  – Audit history trail
  – Exception reports
    • Job history
    • Job monitors
    • Agent event history
  – Archive logs

Requirement #10

Audit history

Exception Reports

Requirement #12

• Maintain a policy that addresses information security
  – Documentation
  – Role security
  – Audit
  – Reporting
  – Exceptions

Requirement #10

Audit history

Role Security

Exception Reports

Skybot Scheduler

800-328-1000 or +1 952-933-0609

www.helpsystems.com

[email protected]

[email protected]

Thank You for Joining Us!

