Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PCI DSS Prioritized Webcast Presentation

Using the recently released PCI Council “Prioritized Approach” guidance, this briefing will discuss how organizations can effectively focus their PCI DSS implementation efforts in order to ensure the security of cardholder data, reduce information risk and protect the organization --- all while on the shortest path towards PCI DSS validation. The session will also cover how to use the new guidance to save time and money on compliance projects as well as how decide where to start with PCI DSS.

There will be a Q&A session at the end of the briefing - which will then be posted on

  • Login to see the comments

PCI DSS Prioritized Webcast Presentation

  1. 1. PCI DSS Prioritized Presented by: Anton Chuvakin - Director, Strategic Alliances Terry Ramos - VP, Strategic Alliances
  2. 2. Agenda <ul><li>The Intent of PCI DSS </li></ul><ul><li>Challenges </li></ul><ul><li>Prioritizing Compliance Efforts </li></ul><ul><li>Resources Available </li></ul><ul><li>Making a Prioritized Approach to PCI DSS Compliance Work for You </li></ul><ul><li>Summary / Q&A </li></ul>
  3. 3. Payment Card Industry Data Security Standard PCI DSS is based on fundamental data security practices <ul><li>Protect stored data </li></ul><ul><li>Encrypt transmission of cardholder data and sensitive information across public networks </li></ul>Protect Cardholder Data <ul><li>Maintain a policy that addresses information security </li></ul>Maintain an Information Security Policy <ul><li>Track and monitor all access to network resources and cardholder data </li></ul><ul><li>Regularly test security systems and processes </li></ul>Regularly Monitor and Test Networks <ul><li>Restrict access to data by business need-to-know </li></ul><ul><li>Assign a unique ID to each person with computer access </li></ul><ul><li>Restrict physical access to cardholder data </li></ul>Implement Strong Access Control Measures <ul><li>Use and regularly update anti-virus software </li></ul><ul><li>Develop and maintain secure systems and applications </li></ul>Maintain a Vulnerability Management Program <ul><li>Install and maintain a firewall confirmation to protect data </li></ul><ul><li>Do not use vendor-supplied defaults for system passwords and other security parameters </li></ul>Build and Maintain a Secure Network
  4. 4. PCI Validation: Merchant & Service Provider Levels
  5. 5. PCI DSS Challenges <ul><li>How to start the working on a PCI DSS project? </li></ul><ul><li>How to proceed with compliance efforts? What to do next? When are you “done”? </li></ul><ul><li>What (exactly) do you need to do? </li></ul>  
  6. 6. Prioritized Approach Resources <ul><ul><li>PCI Council document Prioritized Approach to PCI DSS </li></ul></ul><ul><ul><li>Prioritized approach tool </li></ul></ul><ul><li>Available for Download at: </li></ul>Source: PCI Council website
  7. 7. Why a Prioritized Approach? <ul><li>How does it help achieve compliance faster / better / cheaper? </li></ul><ul><li>Guides you to focus on immediate card data risk </li></ul><ul><li>Focuses on tasks with biggest gains towards card data security </li></ul><ul><li>Allows you to track progress in a measurable way </li></ul>Source: PCI Council website
  8. 8. Prioritized Approach Phases <ul><li>Remove sensitive authentication data and limit data retention. </li></ul><ul><ul><li>Key Step : Removing card data is easier than protecting it! </li></ul></ul><ul><li>Protect the perimeter, internal, and wireless networks . </li></ul><ul><ul><li>Network protection comes only after data scope is reduced. </li></ul></ul><ul><li>Secure payment card applications . </li></ul><ul><ul><li>Processing applications is how a lot of data is stolen today; protecting them is important, but difficult. </li></ul></ul>
  9. 9. Prioritized Approach Phases Cont. <ul><li>Monitor and control access to your systems. </li></ul><ul><ul><li>Blocking alone will never make you secure; logging and monitoring must be added. </li></ul></ul><ul><li>Protect stored cardholder data. </li></ul><ul><ul><li>If you must store PAN data, implement the safeguards required. </li></ul></ul><ul><li>Finalize remaining compliance efforts, and ensure all controls are in place. </li></ul><ul><ul><li>PCI DSS is not only about data security technology, but includes key policy and process pieces . </li></ul></ul><ul><li>And Finally… everything implemented at Phases 1-6 needs to be maintained! </li></ul>
  10. 10. Example: Information Collection Section Source: PCI Council website
  11. 11. Example: PCI Compliance Status Source: PCI Council website
  12. 12. Conclusions - How To Use It? <ul><li>How to Use PCI Prioritized Resources to make PCI DSS easy for you? </li></ul><ul><ul><li>Use the document to plan your PCI project from current state to compliant and secure state </li></ul></ul><ul><ul><li>Use sheet for ongoing planning of the next steps and identifying weak areas / next area to handle </li></ul></ul><ul><ul><li>Use Excel sheet to track status and create a report of compliance status </li></ul></ul>
  13. 13. PCI Compliance for Dummies eBook Read PCI Compliance for Dummies Get as much information as you can about PCI DSS and how it relates to your organization. Get it Free at