ANX Risk Assessment Tips Webinar

PCI DSS Requirement 12.1.2 emphasizes the need for a formal risk assessment methodology. Using a risk assessment within your organization can be very helpful when deciding whether to implement new technologies or determining the next steps in your ongoing security process. A “set it and forget it” mentality is one of the biggest myths when it comes to Payment Card Industry Data Security Standard (PCI DSS) compliance. A recent study showed that only 37% of companies in 2010 regularly tested their security systems and processes. Unfortunately, this mindset creates the vulnerability that hackers seek out.

A January 2012 report revealed:
• Only 21% of companies were PCI Compliant at their initial risk assessment
• Companies met an average of 78% of test procedures

This webinar will cover the process of implementing a Risk Assessment for your business and regularly capitalizing on the findings to create a secure environment and achieve PCI compliance. Learn how to take the first step in becoming PCI DSS compliant by eliminating the gaps in your company’s security that cyber criminals seek out.


  1. Using a Risk Assessment to become PCI Compliant
  2. Logistics: All lines are in listen-only mode. We will answer questions at the end of the event. But feel free to ask questions at any time. A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at: www.anx.com. Every attendee receives a $5 Starbucks Gift Card. One attendee will receive a $50 Amazon.com Gift Certificate. All series attendees will be entered to win a Kindle Fire. CONFIDENTIAL | www.ANX.com | 4/20/2012 | © 2012 ANXeBusiness Corp. All rights reserved.
  3. THE THREE PILLARS OF PCI. Presenter: Mark A. Wayne, Executive Vice President
  4. PCI DSS Requirements – the Digital Dozen: 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security.
  5. PCI DSS Requirements: 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security.
  6. 12. Maintain a policy that addresses information security
  7. 12. Maintain a policy that addresses information security
  8. 12. Maintain a policy that addresses information security. 12.1.2 Establish, publish, maintain, and disseminate a security policy that includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment
  9. 12. Maintain a policy that addresses information security. 12.1.2 Establish, publish, maintain, and disseminate a security policy that includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment
  10. Definition: Risk As•sess•ment [risk uh-ses-muhnt] 1. Define the Environment 2. Identify Threats 3. Identify Vulnerabilities 4. Evaluate and Address Risk
  11. Two Parts
  12. Two Parts
  13. Why is a Risk Assessment important
  14. Steps of a Risk Assessment
  15. Steps of a Risk Assessment: Define the Environment
  16. Steps of a Risk Assessment: Define the Environment; Identify Threats
  17. Steps of a Risk Assessment: Define the Environment; Identify Threats; Identify Vulnerabilities
  18. Steps of a Risk Assessment: Define the Environment; Identify Threats; Identify Vulnerabilities; Evaluate and Address Risk
  19. Level 4 Merchants the Target of Choice. Risk level: Level 1-3 10%, Level 4 90%
  20. PCI DSS Requirements: 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security.
  21. PCI DSS Requirements: 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security.
  22. PCI DSS Requirements: 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes.
  23. PCI DSS Requirements: 12. Maintain a policy that addresses information security. 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. 3. Protect Stored Data. 4. Encrypt transmission of cardholder data and sensitive information across public networks. 5. Use and regularly update anti-virus software. 6. Develop and maintain secure systems and applications. 7. Restrict access to data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes.
  24. PCI DSS Requirements: 12. Maintain a policy that addresses information security
  25. How do I conduct a Risk Assessment
  26. REQUIREMENTS
  27. Using a Risk Assessment to become PCI Compliant
  28. Identify and track regulations; Create an organized framework; Develop policies; Perform assessments; Prioritize deficiencies; Manage remediation activity
  29. What can ANX do for me
  30. Using a Risk Assessment to become PCI Compliant
  31. Using a Risk Assessment to become PCI Compliant
  32. Using a Risk Assessment to become PCI Compliant
  33. Identify and track regulations; Create an organized framework; Develop policies; Perform assessments; Prioritize deficiencies; Manage remediation activity
  34. Managed Security, Data Breach Protection, PCI Support, Remote Access: One Affordable Monthly Charge
  35. Drawing and Questions: E-mail us at waynem@anx.com. Call us 248-447-4050. www.facebook.com/anxebusiness. Or visit us at anx.com