ANX Risk Assessment Tips Webinar
 


PCI DSS Requirement 12.1.2 emphasizes a need for a formal risk assessment methodology. Utilizing a risk assessment within your organization can be very helpful when determining whether to implement new technologies or determining the next steps in your ongoing security process. A “set it and forget it” mentality is one of the biggest myths when it comes to Payment Card Industry Data Security Standard (PCI DSS) compliance. A recent study showed that only 37% of companies in 2010 regularly tested their security systems and processes. Unfortunately, this mindset creates the vulnerability that hackers seek out.

A January 2012 report revealed:
• Only 21% of companies were PCI compliant at their initial risk assessment
• Companies met an average of 78% of test procedures

This webinar will cover the process of implementing a risk assessment for your business and regularly capitalizing on the findings to create a secure environment and achieve PCI compliance. Learn how to take the first step in becoming PCI DSS compliant by eliminating the gaps in your company’s security that cyber criminals seek out.


    ANX Risk Assessment Tips Webinar Presentation Transcript

    • Using a Risk Assessment to become PCI Compliant
    • Logistics: All lines are in listen-only mode. We will answer questions at the end of the event, but feel free to ask questions at any time. A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at www.anx.com. Every attendee receives a $5 Starbucks Gift Card. One attendee will receive a $50 Amazon.com Gift Certificate. All series attendees will be entered to win a Kindle Fire. CONFIDENTIAL | www.ANX.com | 4/20/2012 | © 2012 ANXeBusiness Corp. All rights reserved.
    • THE THREE PILLARS OF PCI. Presenter: Mark A. Wayne, Executive Vice President
    • PCI DSS Requirements – the Digital Dozen
      1. Install and maintain a firewall configuration to protect data
      2. Do not use vendor-supplied defaults for system passwords and other security parameters
      3. Protect stored data
      4. Encrypt transmission of cardholder data and sensitive information across public networks
      5. Use and regularly update anti-virus software
      6. Develop and maintain secure systems and applications
      7. Restrict access to data by business need-to-know
      8. Assign a unique ID to each person with computer access
      9. Restrict physical access to cardholder data
      10. Track and monitor all access to network resources and cardholder data
      11. Regularly test security systems and processes
      12. Maintain a policy that addresses information security
    • 12. Maintain a policy that addresses information security
      12.1.2 Establish, publish, maintain, and disseminate a security policy that includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment
    • Definition: Risk As•sess•ment [risk uh-ses-muhnt]
      1. Define the Environment
      2. Identify Threats
      3. Identify Vulnerabilities
      4. Evaluate and Address Risk
    • Two Parts
    • Why is a Risk Assessment important
    • Steps of a Risk Assessment
      • Define the Environment
      • Identify Threats
      • Identify Vulnerabilities
      • Evaluate and Address Risk
    • Level 4 Merchants the Target of Choice (chart, risk level: Level 1-3 10%, Level 4 90%)
    • PCI DSS Requirements: 12. Maintain a policy that addresses information security
    • How do I conduct a Risk Assessment
    • REQUIREMENTS
    • Risk assessment activities
      • Identify and track regulations
      • Create an organized framework
      • Develop policies
      • Perform assessments
      • Prioritize deficiencies
      • Manage remediation activity
    • What can ANX do for me
    • Managed Security, Data Breach Protection, PCI Support, Remote Access: One Affordable Monthly Charge
    • Drawing and Questions: E-mail us at waynem@anx.com. Call us at 248-447-4050. www.facebook.com/anxebusiness. Or visit us at anx.com