Pci V2

This presentation describes the features of Riesgo PCI V2, which assists organisations in managing the activities related to PCI compliance.
Key modules include:
  • PCI operations radar – real-time monitoring of all PCI assets across your network
  • PCI compliance dashboard – policy compliance in accordance with the PCI DSS
In this presentation:
  • PCI assessment process
  • PCI operations radar process
  • PCI operation log retrieval system
  • PCI Asset register
  • PCI Audit process
  • Project & Business unit PCI assessment


  1. PCI v2: PCI operations radar & compliance dashboard
     Ben Oguntala, info@riesgoriskmanagement.com, www.riesgoriskmanagement.com, 07812039867
     For a pilot, email Ben Oguntala - info@riesgoriskmanagement.com
  2. Introduction
     Objective
     • This presentation describes the features of Riesgo PCI V2, which assists organisations in managing the activities related to PCI compliance.
     Key modules include:
     • PCI operations radar – real-time monitoring of all PCI assets across your network
     • PCI compliance dashboard – policy compliance in accordance with the PCI DSS
     In this presentation:
     • PCI assessment process
     • PCI operations radar process
     • PCI operation log retrieval system
     • PCI Asset register
     • PCI Audit process
     • Project & Business unit PCI assessment
  3. Riesgo PCI v2 solution captures the end-to-end cycle of PCI within your organisation.
     Diagram components:
     • PCI compliance program
     • PCI assessments
     • PCI Audits
     • PCI reports
     • PCI Risk register
     • PCI Dashboard
     • PCI Asset register
     • PCI log retrieval system
     • PCI operations radar
  4. Overview
     Diagram components:
     • Inputs: Business unit assessments, Project assessments, Asset assessments
     • PCI asset register
     • PCI Log retrieval system, fed by: Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS
     • PCI compliance dashboard (columns: Asset owner, PCI ID, Asset, BU, Business impact, Likelihood, Policy compliance, Review date, Audits, Risk Register, Radar alerts)
     • PCI operations radar (columns: PCI ID, Business impact, Likelihood, Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation)
     Sample PCI compliance dashboard rows:
     Asset owner  PCI ID  Asset  BU  Business impact  Likelihood  Policy compliance  Review date
     Ben Gee      123     Serv1  AG  H                L           Y                  2/3/09
     Olu Gee      124     Serv3  AG  H                L           N                  2/3/09
     Mark Seal    125     Serv4  AG  H                L           Y                  2/3/09
     Olu Gee      126     Serv5  AG  H                L           N                  2/5/09
     Ray Ban      127     Serv6  AG  H                L           N                  2/3/09
     See More     128     Serv7  AG  H                L           Y                  2/3/09
     Olu Gee      129     Serv8  AG  H                L           Y                  2/3/09
     Cee Cee      130     Serv9  AG  H                L           Y                  2/3/09
  5. PCI assessment process
     Diagram labels: Type (Project, Business unit, Asset); PCI registration form; PCI Assessment; Risk rating (L, M, H); PCI risk register; PCI compliance Dashboard.
     PCI Assessment:
     1. Do not retain full magnetic stripe, card validation code or value
     2. Protect stored cardholder data
     3. Provide secure authentication features
     4. Log payment application activity
     5. Develop secure payment applications
     6. Protect wireless transmissions
     7. Test payment applications to address vulnerabilities
     8. Facilitate secure network implementation
     9. Cardholder data must never be stored on a server connected to the Internet
     10. Facilitate secure remote software updates
     11. Facilitate secure remote access to payment application
     12. Encrypt sensitive traffic over public networks
     13. Encrypt all non-console administrative access
     14. Maintain instructional documentation and training programs for customers, resellers, and integrators
  6. PCI operation radar process
     Diagram labels:
     • Project details: Project name, Project ID, Project Manager, Description
     • Assets:
       - Web Servers: Asset owner, Log interface
       - Business logic: Asset owner, Log interface
       - Firewalls: Asset owner, Log interface
       - Databases: Asset owner, Legal interface
     • Riesgo Log retrieval system
     • PCI operations radar (columns: PCI ID, Business impact, Likelihood, Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation; sample row: 123, H, L, 3, 3, 1, 5)
     • PCI compliance Dashboard
  7. PCI log retrieval system
     Diagram labels:
     • PCI project ID
     • Log sources: Web server Log, Application server Log, Business logic server Log, Database server Log, Routers Log, Firewalls Log, IPS/IDS Log
     • PCI Log retrieval system
     • Alert rating
     • PCI operations radar (columns: PCI ID, Business impact, Likelihood, Web server, Application server, Business logic server, Database server, Firewalls, Routers, IPS/IDS, Violation; sample row: 123, H, L, 3, 3, 1, 5)
  8. PCI Asset register
     Each PCI project can identify its assets and be assessed against policy compliance and the data transmitted via its logs.
     Diagram labels:
     • PCI project ID
     • Log sources: Web server Log, Application server Log, Business logic server Log, Database server Log, Routers Log, Firewalls Log, IPS/IDS Log
     • PCI compliance dashboard
     Sample PCI compliance dashboard rows:
     Asset owner  PCI ID  Asset  BU  Business impact  Likelihood  Policy compliance
     Ben Gee      123     Serv1  AG  H                L           Y
     Olu Gee      124     Serv3  AG  H                L           N
     Mark Seal    125     Serv4  AG  H                L           Y
     Olu Gee      126     Serv5  AG  H                L           N
     Ray Ban      127     Serv6  AG  H                L           N
     See More     128     Serv7  AG  H                L           Y
     Olu Gee      129     Serv8  AG  H                L           Y
     Cee Cee      130     Serv9  AG  H                L           Y
  9. PCI Audit
     Diagram labels:
     • Audit scope: Business units, PCI projects, PCI Assets, PCI Policies
     • Audit schedule
     • Audit findings (columns: Asset owner, BU, Asset, Policy compliance, Non compliance, Business impact, Likelihood, Risk rating)
     • Audit non compliance report
     • PCI compliance dashboard (columns: Asset owner, PCI ID, Asset, BU, Business impact, Likelihood, Policy compliance, Review date, Audits, Risk Register, Radar alerts)
  10. Project & business unit PCI assessment
     Diagram labels:
     • Project assessments, Business unit assessments, Asset assessments
     • PCI related projects; Business units with PCI related Assets
     • PCI risk assessment form
     • PCI Reports
     • PCI compliance dashboard (columns: Audits, Risk Register, Business impact, Likelihood, Policy compliance, Risk rating, Review date)
     The 14 key PCI assessments:
     1. Do not retain full magnetic stripe, card validation code or value
     2. Protect stored cardholder data
     3. Provide secure authentication features
     4. Log payment application activity
     5. Develop secure payment applications
     6. Protect wireless transmissions
     7. Test payment applications to address vulnerabilities
     8. Facilitate secure network implementation
     9. Cardholder data must never be stored on a server connected to the Internet
     10. Facilitate secure remote software updates
     11. Facilitate secure remote access to payment application
     12. Encrypt sensitive traffic over public networks
     13. Encrypt all non-console administrative access
     14. Maintain instructional documentation and training programs for customers, resellers, and integrators
  11. Contact details
     Interested in PCI v2? Contact us.
     For a pilot, email Ben Oguntala - info@riesgoriskmanagement.com
