2. INFRAGARD
InfraGard is a partnership between the FBI and the private sector. It is an
association of persons who represent businesses, academic institutions, state
and local law enforcement agencies, and other participants dedicated to
sharing information and intelligence to prevent hostile acts against the U.S.
Disclaimer
The views, opinions, and content of this webinar are solely those of the
speakers and other contributors. These views and opinions do not necessarily
represent those of InfraGard or InfraGard Atlanta Members Alliance (IAMA).
3. RICHARD EMRICH
Rich has been Director of Treasury at Northwestern University since
2007. His responsibilities include management of Treasury (capital
planning, as well as long-term debt portfolio and working capital
strategy); e-Commerce operations (primary oversight of 200
merchants across two campuses and related compliance); and
Bursar operations (various card programs, remote depositing and
cashiering). Prior to joining Northwestern Rich was Global Treasury
Manager at Hewitt Associates, Inc. for 5 years and Senior IT
Manager for Hewitt Associates LLC for 6 years. During his tenure in
Finance he worked to bring Treasury into compliance with
Sarbanes-Oxley following the company’s IPO, implemented a
Treasury workstation, and managed an investment portfolio of $600
million. Rich graduated from Bates College in 1984 pre-med, then
earned his MBA in finance from the University of Illinois / Chicago.
He has been a Certified Treasury Professional (CTP) since 2005.
4. DR. PHILLIP HALLAM-BAKER
Phillip Hallam-Baker is a computer scientist, mostly renowned for his
contributions to Internet security, since the design of HTTP at CERN in
1992. Currently vice-president and principal scientist at Comodo Inc., he
previously worked at Verisign Inc., and at MIT Artificial Intelligence
Laboratory. He is a frequent participant in IETF meetings and discussions,
and has written a number of RFCs. In 2007 he authored the dotCrime
Manifesto: How to Stop Internet Crime. Hallam-Baker has a degree in
electronic engineering from the School of Electronics and Computer
Science, University of Southampton and a doctorate in Computer Science
from the Nuclear Physics Department at Oxford University. He was
appointed a Post Doctoral Research Associate at DESY in 1992 and CERN
Fellow in 1993. Hallam-Baker worked with the Clinton-Gore ’92 Internet
campaign. While at the MIT Laboratory for Artificial Intelligence, he
worked on developing a security plan and performed seminal work on
securing high profile Federal Government Internet sites.
5. TREVOR HORWITZ
Trevor Horwitz is the founder and CISO of TrustNet, a leading
specialized provider of IT Security and Compliance services. Trevor
has designed, developed, and assessed security and compliance
solutions for corporations of all sizes and across multiple industries
for over twenty years. Trevor is a PCI Qualified Security Assessor and
contributing member of the PCI Security Council’s special interest
group on virtualization and cloud security. His career experience
includes roles as the CEO of a pioneering network security company
and a senior consultant at PWC. He is a board member of InfraGard
Atlanta, past Executive Board member of ISACA Atlanta, and has
been active in the Technology Association of Georgia for over fifteen
years. Trevor holds a Bachelor of Commerce from the University of
the Witwatersrand, Johannesburg, South Africa with a triple major
in Accounting, Information Systems, and Business Law.
6. AGENDA
1. EMV and “Chip and Pin” Technologies
2. Mobile Payments
3. Secure Data Transmission - Migrating from SSL and Early TLS
4. Point-to-Point Encryption (P2PE)
5. PCI and the Cloud
6. Designated Entities
7. Two Factor Authentication
8. Hidden Card Holder Data and Shadow IT
Webinar Sponsor
www.TrustNetInc.com
13. DATA TRANSMISSION ENCRYPTION
SSL AND EARLY TLS
Refer to NIST SP 800-52
rev 1 for guidance on
secure TLS configurations
Little Known Fact
Not all implementations of
TLS v1.1 are considered
secure
15. POINT-TO-POINT ENCRYPTION (P2PE)
P2PE SAQ can only be
used when merchants
process cardholder data
only via hardware
payment terminals
within a validated PCI
P2PE solutionThe P2PE Self-Assessment
Questionnaire includes
only 26 PCI DSS
requirements
16. First draft of “Dark Side”
recruiting poster
“Most
misunderstood
villain of all time”
According to his
Mom
aka Mama Vader
17. PCI AND THE CLOUD
Alternate names for cloud
computing that never stuck
Utility Computing
Shared Resource Computing
Pay as you go Computing
Service-oriented Computing
24. HIDDEN CARD HOLDER DATA AND
SHADOW IT
Common Methods used to
find cardholder data
Mod10 verification
Length/Prefix checks
Native format decoding
Contextual data and
statistical analysis -
25. What you do … What your friends think you do …
Information Security
27. For more information about InfraGard Atlanta and upcoming events:
President, Jeff Gaynor
Presiama@gmail.com
Director of Outreach, Lawrence Tobin
Lawrence.Tobin@TrustNetInc.com
www.InfraGardAtlanta.org
