Webinar pcidsssimplified-140319-140319152520-phpapp01


HOW TO SIMPLIFY PCI DSS WITH UNIFIED SECURITY MANAGEMENT

Published in: Technology

  1. MARCH 2014: HOW TO SIMPLIFY PCI DSS WITH UNIFIED SECURITY MANAGEMENT. Jim Hansen, Sr. Director, Product Management; Tom D’Aquino, Sr. Systems Engineer
  2. AGENDA: Common challenges / Pre-audit checklist; Core capabilities for PCI; Automation & consolidation; Key Takeaways; Q & A
  3. SETTING THE STAGE… Common Challenges & Pre-audit Checklist
  4. PCI DSS IN THE NEWS…
  5. END OF … UH OH.
     • > 1.9 million Point-of-Sale (POS) machines run Windows XP
     • ~95% of American ATMs run Windows XP
     • April 8th, 2014
  6. MOST COMMON PCI FAILURES
  7. MOST COMMON PCI FAILURES
  8. 5 MOST COMMON PCI FAILURE AREAS
     • Requirement 11 (93%): Regularly test security systems and processes
     • Requirement 10 (91%): Track and monitor all access to network resources and cardholder data
     • Requirement 12 (87%): Maintain a policy that addresses information security for all personnel
     • Requirement 1 (86%): Install and maintain a firewall configuration to protect cardholder data
     • Requirement 2 (84%): Do not use vendor-supplied defaults for system passwords and other security parameters
  9. QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER. Pre-audit checklist:
     • Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network?
     • Who accesses these resources (and the other W’s… when, where, what can they do, why and how)?
     • What are the vulnerabilities that are in your PCI-defined network – app, OS, etc?
     • What constitutes your network baseline? What is considered “normal/acceptable”?
     Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?
  10. FRENEMIES: SECURITY AND COMPLIANCE
  11. SO…. WHAT DO I NEED FOR PCI-DSS?
  12. Piece it all together; Figure out what is valuable; Identify ways the target could be compromised; Start looking
