PCI - It's an Open Book Test

Date post: 10-Feb-2017
By Mark D. Gelhardt, Sr. PCIP, C|CIO, CISM, PMP, ITIL, CC, [email protected], 7/22/2016
Page 2

Why should you care about PCI compliance?

PCI compliance can be hard – so what are you doing to improve, year over year?

How are you using PCI to make your company more secure (not just compliant)?

Page 6

Credit cards are the primary target:

•2/10 were processors

•5/10 were stolen credit cards at retailers


Page 8

Complex IT Environments

•Application owners don't know their own app setup

•What servers the apps are on, what IPs

•In cloud or not

•No true asset management system

•Your company doesn't even know its own full network

•Network not segmented well, stuff all over the place

Business Needs

•Business wants fast-paced change

•New products, more than they want security

Compliance changes

•Ever-changing PCI compliance requirements - v3.2

•What's next in compliance, privacy, EU Safe Harbor??

Page 9

•Gap item – remediation

•Projects – to fix items

•Budget/money to become compliant

•Monthly reviews of PCI items

•Company focuses on compliance at least annually

Page 10

•Project Plan – Time Line

•Scope - Executive Summary

•Data Flow Diagrams

•Third Party Service Providers

•SME Meetings – several

Page 11

Time

•Two weeks for iRoC

•Two weeks for QSA QA review

•Two weeks for VISA review

Scope

•Take your time to research your CDE

•Use your Data Flow diagram discussions

•Use SME interviews

Subject Matter Experts

•SME interviews

•Research your own system/enterprise Data Flow Diagrams

•SME prep-interviews – prior to assessment

•SME Data Flow interviews

•Sit in on QSA assessment with SME

Page 12

•Planning: Project Plan – prior planning works

•Monthly: Do PCI stuff monthly – don't wait until the annual assessment

•SMEs: Get the SMEs involved early and often

•Teamwork: You can't do it all yourself – use networking, apps team, SMEs

•Security: PCI compliance isn't security – but it can sure help improve your system

•Get out of your Box: Help your company – get out of your box – do more than compliance