Advertisement

PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams

Anton Chuvakin
Security Strategy
Apr. 26, 2010
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams

Check these out next

Alcumus ISOQAR PCIDSS Compliance Presentation
Alcumus ISOQAR PCIDSS Compliance Presentation
Bhargav Upadhyay
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Ariel Ben-Harosh
Pcidss
Pcidss
yazsapa
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
himalya sharma
Approach pci- dss
Approach pci- dss
Vikrant Burbure
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...
John Baines
PCI DSS Essential Guide
PCI DSS Essential Guide
Kim Jensen
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
AlienVault
1 of 19

PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams

Apr. 26, 2010
Technology
Anton Chuvakin
Security Strategy
Advertisement
Advertisement
Advertisement

Recommended

Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableVISTA InfoSec34 views57 slides
PCI-DSS explainedPCI-DSS explained
PCI-DSS explainedEdwin_Bos314 views6 slides
Webinar - pci dss 4.0 updates Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates VISTA InfoSec176 views50 slides
Card fraud and compliance trainingCard fraud and compliance training
Card fraud and compliance trainingethnos465 views5 slides
PCI DSS: What it is, and why you should carePCI DSS: What it is, and why you should care
PCI DSS: What it is, and why you should careSean D. Goodwin168 views27 slides
PCI DSS Basics - The Twelve StepsPCI DSS Basics - The Twelve Steps
PCI DSS Basics - The Twelve StepsTerra Verde652 views9 slides

More Related Content

Slideshows for you(20)

Alcumus ISOQAR PCIDSS Compliance PresentationAlcumus ISOQAR PCIDSS Compliance Presentation
Alcumus ISOQAR PCIDSS Compliance Presentation
Bhargav Upadhyay181 views
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Ariel Ben-Harosh742 views
PcidssPcidss
Pcidss
yazsapa436 views
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
himalya sharma146 views
Approach pci- dssApproach pci- dss
Approach pci- dss
Vikrant Burbure102 views
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...
John Baines706 views
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential Guide
Kim Jensen5K views
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
AlienVault5.3K views
P0 Pcidss OverviewP0 Pcidss Overview
P0 Pcidss Overview
b28stu296 views
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
InMobi Technology3.7K views
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
okrantz6.7K views
PCI DSSPCI DSS
PCI DSS
Duy Do Phan3.2K views
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to Know
Terra Verde1.3K views
Pcidss qr gv3_1Pcidss qr gv3_1
Pcidss qr gv3_1
leon bonilla156 views
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
Saumya Vishnoi10.2K views
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
Mohammad Makchudul Alam (Arif)710 views
PCI DSS v3.0: How to Adapt Your Compliance StrategyPCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance Strategy
AlienVault4K views
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA Perspective
Mark Akins2.1K views
Pci dss-for-it-providersPci dss-for-it-providers
Pci dss-for-it-providers
Calyptix Security1.2K views
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
Kimberly Simon MBA1.8K views

Similar to PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams(20)

PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and Reality
Anton Chuvakin2.5K views
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
Anton Chuvakin1.8K views
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinPCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
Anton Chuvakin1.3K views
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and Technologies
Anton Chuvakin1.6K views
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton Chuvakin
Anton Chuvakin2.9K views
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinWhat PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
Anton Chuvakin1.8K views
What do I really need to do to STAY compliant with PCI DSS?What do I really need to do to STAY compliant with PCI DSS?
What do I really need to do to STAY compliant with PCI DSS?
Anton Chuvakin717 views
Myths of PCI DSSMyths of PCI DSS
Myths of PCI DSS
Anton Chuvakin368 views
PCI MythsPCI Myths
PCI Myths
Sasha Nunke676 views
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"
Anton Chuvakin1.4K views
Don’t Fear PCI DSS!Don’t Fear PCI DSS!
Don’t Fear PCI DSS!
Anton Chuvakin777 views
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
guest3af00b82 views
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
Anton Chuvakin1.7K views
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
guest3af00b81 view
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
guest3af00b8341 views
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
guest3af00b81 view
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLP
Nick Selby445 views
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma75 views
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for Dummies
Liberteks2.5K views
Pondurance pci dss 112014Pondurance pci dss 112014
Pondurance pci dss 112014
Kathy Pelletier663 views
Advertisement

More from Anton Chuvakin(20)

SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton Chuvakin
Anton Chuvakin223 views
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Anton Chuvakin110 views
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022
Anton Chuvakin263 views
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Anton Chuvakin360 views
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
Anton Chuvakin278 views
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
Anton Chuvakin411 views
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
Anton Chuvakin741 views
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton Chuvakin337 views
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
Anton Chuvakin1K views
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
Anton Chuvakin355 views
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
Anton Chuvakin605 views
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin486 views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin10K views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin14K views
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Anton Chuvakin3.4K views
SIEM Primer:SIEM Primer:
SIEM Primer:
Anton Chuvakin4.7K views
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Anton Chuvakin1.5K views
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton Chuvakin
Anton Chuvakin1.7K views
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Anton Chuvakin2.5K views
PCI 2.0 What's Next for PCI DSS by Dr. Anton ChuvakinPCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
Anton Chuvakin1.2K views

Recently uploaded(20)

BG CSLTTT C1.pptxBG CSLTTT C1.pptx
BG CSLTTT C1.pptx
MnhQuang140 views
ARDUINO_presentation_by_Bamidele samuel.pptARDUINO_presentation_by_Bamidele samuel.ppt
ARDUINO_presentation_by_Bamidele samuel.ppt
SAMTECH ELECTRONICS CONCEPT 0 views
在哪里可以办美国大学文凭《阿克伦大学毕业证成绩单仿制》在哪里可以办美国大学文凭《阿克伦大学毕业证成绩单仿制》
在哪里可以办美国大学文凭《阿克伦大学毕业证成绩单仿制》
nukotk0 views
Top 12 Benefits of Automated Software Testing.pdfTop 12 Benefits of Automated Software Testing.pdf
Top 12 Benefits of Automated Software Testing.pdf
RohitBhandari660 views
Ini Spesifikasi dan Harga Zenbook S 13 OLED (UX5304)Ini Spesifikasi dan Harga Zenbook S 13 OLED (UX5304)
Ini Spesifikasi dan Harga Zenbook S 13 OLED (UX5304)
Dot Semarang0 views
在哪里可以办英国大学文凭《英博夏尔大学毕业证成绩单仿制》在哪里可以办英国大学文凭《英博夏尔大学毕业证成绩单仿制》
在哪里可以办英国大学文凭《英博夏尔大学毕业证成绩单仿制》
nukotk0 views
Chapter One Method of Teaching.pptxChapter One Method of Teaching.pptx
Chapter One Method of Teaching.pptx
YoomifTube0 views
Akaike Pitch DeckAkaike Pitch Deck
Akaike Pitch Deck
ShilpaRamaswamy30 views
University of Engineering and Technology.docxUniversity of Engineering and Technology.docx
University of Engineering and Technology.docx
MuhammadumairKhan740 views
EU opportunities inputs for FIWARE summit.pptxEU opportunities inputs for FIWARE summit.pptx
EU opportunities inputs for FIWARE summit.pptx
FIWARE0 views
How to Unmute iPhone.pdfHow to Unmute iPhone.pdf
How to Unmute iPhone.pdf
syedmuneebhaider30 views
LangChain Intro by KeyMate.AILangChain Intro by KeyMate.AI
LangChain Intro by KeyMate.AI
OzgurOscarOzkan0 views
Develop Blockchain App - Blocktech BrewDevelop Blockchain App - Blocktech Brew
Develop Blockchain App - Blocktech Brew
Blocktech Brew0 views
University of Engineering and Technology.docxUniversity of Engineering and Technology.docx
University of Engineering and Technology.docx
MuhammadumairKhan740 views
Framework for understanding quantum computing use cases from a multidisciplin...Framework for understanding quantum computing use cases from a multidisciplin...
Framework for understanding quantum computing use cases from a multidisciplin...
Anastasija Nikiforova0 views
在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》
在哪里可以办新西兰大学文凭《奥克兰理工大学毕业证成绩单仿制》
nukotk0 views
Chapter Three Motivation.pptxChapter Three Motivation.pptx
Chapter Three Motivation.pptx
YoomifTube0 views
FC-7664PRO alarm panel professional security systemFC-7664PRO alarm panel professional security system
FC-7664PRO alarm panel professional security system
Vedard Security Alarm System Store0 views
Week_1_Intro_Internet_arch_Applications.pptWeek_1_Intro_Internet_arch_Applications.ppt
Week_1_Intro_Internet_arch_Applications.ppt
home1070 views
在哪里可以办意大利大学文凭《博洛尼亚大学毕业证成绩单仿制》在哪里可以办意大利大学文凭《博洛尼亚大学毕业证成绩单仿制》
在哪里可以办意大利大学文凭《博洛尼亚大学毕业证成绩单仿制》
nukotk0 views
Advertisement

PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams

  10. Assign a unique ID to each person with computer access

Editor's Notes

  1. Myth: PCI is confusing and not specific!“We don’t know what to do, who to ask, what exactly to change”“Just give us a checklist and we will do it. Promise!”Reality: PCI DSS documents explain both what to do and how to validate it; take some time to read and understand it.<- Also, read our book on PCI! Reality: PCI DSS is basic, common sense, baseline security practice; it is only hard if you were not doing it before.It is no harder than running your business or IT – and you’ve been doing it!
  2. QSA shop = liabilityxfer
  3. Myth: PCI is confusing and not specific!“We don’t know what to do, who to ask, what exactly to change”“Just give us a checklist and we will do it. Promise!”Reality: PCI DSS documents explain both what to do and how to validate it; take some time to read and understand it.<- Also, read our book on PCI! Reality: PCI DSS is basic, common sense, baseline security practice; it is only hard if you were not doing it before.It is no harder than running your business or IT – and you’ve been doing it!
  4. Also: Lie to management about “we are NOT compliant – gimme budget!!”
  5. How to STAY compliant!
Advertisement