Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin

Anton Chuvakin
Security Strategy
Feb. 11, 2011
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin
1 of 30

Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin

Feb. 11, 2011
Technology

by Dr. Anton Chuvakin, SecurityWarrior, LLC Current compliance methods are reactive and do little to improve security. In place of annual audits and document-heavy processes, a new, Proactive/Continous Compliance model makes compliance an element of normal information security operations. Compliance is managed day to day and minute to minute, providing clear visibility of compliance posture at any given time. Efficiency is increased, costs are reduced and the annual audit becomes a simple formality. In this presentation we'll cover the requirements, capabilities and benefits of this new compliance model.

Anton Chuvakin
Security Strategy

Recommended

Log Standards & Future Trends by Dr. Anton ChuvakinLog Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin2.2K views27 slides
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...Anton Chuvakin16 views22 slides
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin249 views18 slides
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothAnton Chuvakin130 views10 slides
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022Anton Chuvakin271 views21 slides
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin379 views25 slides

More Related Content

More from Anton Chuvakin

Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020Anton Chuvakin750 views12 slides
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton Chuvakin339 views8 slides
Generic siem how_2017Generic siem how_2017
Generic siem how_2017Anton Chuvakin1K views29 slides
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Anton Chuvakin364 views21 slides
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)Anton Chuvakin607 views21 slides
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin494 views31 slides

More from Anton Chuvakin(20)

Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
Anton Chuvakin750 views
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton Chuvakin339 views
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
Anton Chuvakin1K views
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
Anton Chuvakin364 views
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
Anton Chuvakin607 views
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin494 views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin10K views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin14K views
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Anton Chuvakin3.4K views
SIEM Primer:SIEM Primer:
SIEM Primer:
Anton Chuvakin4.7K views
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Anton Chuvakin1.5K views
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton Chuvakin
Anton Chuvakin1.7K views
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Anton Chuvakin2.6K views
PCI 2.0 What's Next for PCI DSS by Dr. Anton ChuvakinPCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
Anton Chuvakin1.2K views
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
Anton Chuvakin934 views
Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...
Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...
Anton Chuvakin994 views
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Anton Chuvakin1.1K views
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinWhat PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
Anton Chuvakin1.8K views
PCI DSS and Logging: What You Need To Know by Dr. Anton ChuvakinPCI DSS and Logging: What You Need To Know by Dr. Anton Chuvakin
PCI DSS and Logging: What You Need To Know by Dr. Anton Chuvakin
Anton Chuvakin20.2K views
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
Anton Chuvakin6K views

Recently uploaded

Empowering City ClerksEmpowering City Clerks
Empowering City ClerksOnBoard101 views12 slides
Common WordPress APIs_ Settings APICommon WordPress APIs_ Settings API
Common WordPress APIs_ Settings APIJonathan Bossenger32 views10 slides
Solving today’s Traffic Problems with Sustainable Ride Hailing SolutionSolving today’s Traffic Problems with Sustainable Ride Hailing Solution
Solving today’s Traffic Problems with Sustainable Ride Hailing SolutionOn Demand Clone44 views9 slides
Brisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptxBrisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptx
Brisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptxBrianFraser2917 views52 slides
Recommendation Modeling with Impression Data at NetflixRecommendation Modeling with Impression Data at Netflix
Recommendation Modeling with Impression Data at NetflixJiangwei Pan95 views24 slides
Reward Innovation for long-term member satisfactionReward Innovation for long-term member satisfaction
Reward Innovation for long-term member satisfactionJiangwei Pan46 views18 slides

Recently uploaded(20)

Empowering City ClerksEmpowering City Clerks
Empowering City Clerks
OnBoard101 views
Common WordPress APIs_ Settings APICommon WordPress APIs_ Settings API
Common WordPress APIs_ Settings API
Jonathan Bossenger32 views
Solving today’s Traffic Problems with Sustainable Ride Hailing SolutionSolving today’s Traffic Problems with Sustainable Ride Hailing Solution
Solving today’s Traffic Problems with Sustainable Ride Hailing Solution
On Demand Clone44 views
Brisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptxBrisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptx
Brisbane MuleSoft Meetup 13 MuleSoft Maven and Managing Dependencies Part 1.pptx
BrianFraser2917 views
Recommendation Modeling with Impression Data at NetflixRecommendation Modeling with Impression Data at Netflix
Recommendation Modeling with Impression Data at Netflix
Jiangwei Pan95 views
Reward Innovation for long-term member satisfactionReward Innovation for long-term member satisfaction
Reward Innovation for long-term member satisfaction
Jiangwei Pan46 views
Product Research Presentation-Maidy Veloso.pptxProduct Research Presentation-Maidy Veloso.pptx
Product Research Presentation-Maidy Veloso.pptx
MaidyVeloso41 views
Mastering Automation Quality: Exploring UiPath's Test Suite for Seamless Test...Mastering Automation Quality: Exploring UiPath's Test Suite for Seamless Test...
Mastering Automation Quality: Exploring UiPath's Test Suite for Seamless Test...
DianaGray1044 views
10 reasons to choose Galaxy Tab S9 for work on the go10 reasons to choose Galaxy Tab S9 for work on the go
10 reasons to choose Galaxy Tab S9 for work on the go
Samsung Business USA95 views
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
FIWARE16 views
"Stateful app as an efficient way to build dispatching for riders and drivers..."Stateful app as an efficient way to build dispatching for riders and drivers...
"Stateful app as an efficient way to build dispatching for riders and drivers...
Fwdays48 views
"Architecture assessment from classics to details", Dmytro Ovcharenko"Architecture assessment from classics to details", Dmytro Ovcharenko
"Architecture assessment from classics to details", Dmytro Ovcharenko
Fwdays55 views
EuroBSDCon 2023 - (auto)Installing BSD Systems - Cases using pfSense, TrueNAS...EuroBSDCon 2023 - (auto)Installing BSD Systems - Cases using pfSense, TrueNAS...
EuroBSDCon 2023 - (auto)Installing BSD Systems - Cases using pfSense, TrueNAS...
Vinícius Zavam81 views
"Software Architecture for Humans!", Eberhard Wolff "Software Architecture for Humans!", Eberhard Wolff
"Software Architecture for Humans!", Eberhard Wolff
Fwdays22 views
GIT AND GITHUB (1).pptxGIT AND GITHUB (1).pptx
GIT AND GITHUB (1).pptx
GDSCCVRGUPoweredbyGo57 views
"Exploring MACH Principles", Nikita Galkin"Exploring MACH Principles", Nikita Galkin
"Exploring MACH Principles", Nikita Galkin
Fwdays21 views
Deep Dive Microsoft Viva Insights - Collabdays Bletchley Park 2023Deep Dive Microsoft Viva Insights - Collabdays Bletchley Park 2023
Deep Dive Microsoft Viva Insights - Collabdays Bletchley Park 2023
Chirag Patel18 views
9C Monthly Newsletter - SEPT 20239C Monthly Newsletter - SEPT 2023
9C Monthly Newsletter - SEPT 2023
PublishingTeam258 views
Product Research Presentation-Maidy Veloso.pptxProduct Research Presentation-Maidy Veloso.pptx
Product Research Presentation-Maidy Veloso.pptx
MaidyVeloso43 views
Product Research PresentationProduct Research Presentation
Product Research Presentation
DeahJadeArellano34 views

Proactive / Continuous Compliance Approach to PCI DSS by Dr. Anton Chuvakin

Editor's Notes

  1. “Clarified that identification of all locations of cardholder data should include instructions for configuring the underlying software to prevent inadvertent capture or retention of cardholder data”“Updated requirement to ensure that identified vulnerabilities are ranked according to risk.”
  2. See, How to STAY PCI DSS compliant:http://chuvakin.blogspot.com/2009/01/how-to-stay-compliant-or-ongoing-tasks.html
  3. PCI assessment case studyfrom Branden Williams (my co-author for “PCI Compliance” http://www.pcicompliancebook.info)
  4. Auditor-proof security SUCKS!
  5. Not getting daily compliance/security Process of complianceOperationalize – internalizeCompliance is seen as forced, not needed