
Getting Ready for PCI DSS 3.0

An in-depth look at PCI DSS 3.0. Join us as we discuss: the burden of compliance, and recent breaches.


Getting Ready for PCI DSS 3.0

  1. Getting Ready for PCI DSS 3.0: Testing Your Assessment Readiness. Kurt Hagerman, Chief Information Security Officer
  2. Today’s Speakers: Kurt Hagerman, Chief Information Security Officer. Kurt Hagerman oversees all compliance related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications, which allows FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces as well as on cloud security.
  3. Agenda • The Burden of Compliance • Recent Breaches • Testing Your Readiness • 6-Point Final PCI Checklist • Questions & Answers
  4. The Burden of Compliance: Organizations lack the required resources • Budget • FTEs • Technology. Sophisticated hackers. Complex & evolving data regulations.
  5. 12 / 13 110 million customers’ credit card and personal data stolen 01 / 14 04 / 14 05 / 14 06 / 14 07 / 14 09 / 14 Exposed names, addresses, emails & payment card details 145 million users’ passwords affected 1.1 million customers’ credit and debit card data stolen 3 million customers’ credit and debit card data stolen 60 Million Customers Credit Card Data Stolen 180 Southern California Stores hit 08 / 14 JPMorgan suffers data breach affecting 76 million customers 09 / 14 08 / 14 Social Security #s & Personal Data of 4.5 Million People 10 / 14 4.93 Million Gmail User Names and Passwords Published Who’s Next? Customer Data Theft from 33 Locations
  6. Your PCI Assessment Readiness. Final control checklist: Run through controls • Identify & correct remaining control gaps • Confirm documents meet 3.0 requirements • Prepare for 2015 audit
  7. Checkpoint #1: Scoping • Review Cardholder Data Environment (CDE) • Check accuracy of diagrams and inventory • PEOPLE, PROCESS, TECHNOLOGY
  8. Checkpoint #2: Validating • Test systems to prove data is where it belongs • Review the results of your previous evaluations
  9. Checkpoint #3: Documentation • Inventory of all CDE components • Data flow and network diagrams • Pen test and other results • Policies that reflect PCI requirements • Procedures that carry out those policies
  10. Checkpoint #4: Third-Party Providers • Review list of service providers • Did they undergo their own PCI assessment? • Understand and define roles & responsibilities
  11. Checkpoint #5: Your Compliance Culture • Providers • Partners • Staff
  12. Checkpoint #6: Audit Readiness. Preparation is the key to faster, easier audits.
  13. Questions & Answers. To see the complete Getting Ready for PCI 3.0 webinar series, please visit www.firehost.com/new-pci
  14. Thank You. Kurt Hagerman, Chief Information Security Officer. Email: kurt.hagerman@firehost.com Phone: 877 262 3473 x8073
