PCI DSS Prioritized Webcast Presentation

Using the recently released PCI Council “Prioritized Approach” guidance, this briefing will discuss how organizations can effectively focus their PCI DSS implementation efforts in order to ensure the security of cardholder data, reduce information risk and protect the organization, all while on the shortest path towards PCI DSS validation. The session will also cover how to use the new guidance to save time and money on compliance projects, as well as how to decide where to start with PCI DSS.

There will be a Q&A session at the end of the briefing, which will then be posted on http://chuvakin.blogspot.com

  • Basics: What Is the Prioritized Approach?
    The Prioritized Approach provides six security milestones that will help merchants and other organizations incrementally protect against the highest risk factors and escalating threats while on the road to PCI DSS compliance. The Prioritized Approach and its milestones (described on page 2) are intended to provide the following benefits:
    • Roadmap that an organization can use to address its risks in priority order
    • Pragmatic approach that allows for “quick wins”
    • Supports financial and operational planning
    • Promotes objective and measurable progress indicators
    • Helps promote consistency among Qualified Security Assessors
    Objectives of the Prioritized Approach
    The Prioritized Approach provides a roadmap of compliance activities based on risk associated with storing, processing, and/or transmitting cardholder data. The roadmap helps to prioritize efforts to achieve compliance, establish milestones, lower the risk of cardholder data breaches sooner in the compliance process, and help acquirers objectively measure compliance activities and risk reduction by merchants, service providers, and others.
    The Prioritized Approach is suitable for merchants who choose an on-site assessment or use SAQ D.

Presentation Transcript

  • PCI DSS Prioritized. Presented by: Anton Chuvakin, Director, Strategic Alliances; Terry Ramos, VP, Strategic Alliances
  • Agenda
    • The Intent of PCI DSS
    • Challenges
    • Prioritizing Compliance Efforts
    • Resources Available
    • Making a Prioritized Approach to PCI DSS Compliance Work for You
    • Summary / Q&A
  • Payment Card Industry Data Security Standard
    PCI DSS is based on fundamental data security practices:
    Build and Maintain a Secure Network
    • Install and maintain a firewall configuration to protect data
    • Do not use vendor-supplied defaults for system passwords and other security parameters
    Protect Cardholder Data
    • Protect stored data
    • Encrypt transmission of cardholder data and sensitive information across public networks
    Maintain a Vulnerability Management Program
    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications
    Implement Strong Access Control Measures
    • Restrict access to data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
    Regularly Monitor and Test Networks
    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes
    Maintain an Information Security Policy
    • Maintain a policy that addresses information security
  • PCI Validation: Merchant & Service Provider Levels
  • PCI DSS Challenges
    • How to start working on a PCI DSS project?
    • How to proceed with compliance efforts? What to do next? When are you “done”?
    • What (exactly) do you need to do?
  • Prioritized Approach Resources
    • PCI Council document: Prioritized Approach to PCI DSS
    • Prioritized Approach tool
    • Available for download at: https://www.pcisecuritystandards.org/education/prioritized.shtml
    Source: PCI Council website
  • Why a Prioritized Approach?
    • How does it help achieve compliance faster / better / cheaper?
    • Guides you to focus on immediate card data risk
    • Focuses on tasks with biggest gains towards card data security
    • Allows you to track progress in a measurable way
    Source: PCI Council website
  • Prioritized Approach Phases
    • Remove sensitive authentication data and limit data retention.
      • Key step: removing card data is easier than protecting it!
    • Protect the perimeter, internal, and wireless networks.
      • Network protection comes only after data scope is reduced.
    • Secure payment card applications.
      • Payment processing applications are how a lot of data is stolen today; protecting them is important, but difficult.
  • Prioritized Approach Phases Cont.
    • Monitor and control access to your systems.
      • Blocking alone will never make you secure; logging and monitoring must be added.
    • Protect stored cardholder data.
      • If you must store PAN data, implement the safeguards required.
    • Finalize remaining compliance efforts, and ensure all controls are in place.
      • PCI DSS is not only about data security technology, but includes key policy and process pieces.
    • And Finally… everything implemented at Phases 1-6 needs to be maintained!
  • Example: Information Collection Section (Source: PCI Council website)
  • Example: PCI Compliance Status (Source: PCI Council website)
  • Conclusions - How To Use It?
    • How to use the PCI Prioritized Approach resources to make PCI DSS easy for you?
      • Use the document to plan your PCI project from its current state to a compliant and secure state
      • Use the sheet for ongoing planning of the next steps and for identifying weak areas / the next area to handle
      • Use the Excel sheet to track status and create a report of compliance status
  • PCI Compliance for Dummies eBook: Read PCI Compliance for Dummies. Get as much information as you can about PCI DSS and how it relates to your organization. Get it free at www.qualys.com