How to Achieve PCI Compliance with an Enterprise Job Scheduler
•Download as PPTX, PDF•
1 like•402 views
This document discusses how an enterprise job scheduler can help achieve PCI compliance. It begins with an overview of PCI, including its 12 key requirements around secure networks, access control, monitoring and testing. It then shows how a job scheduler can address several of these requirements by automating tasks like limiting access to systems and data, auditing access histories, generating exception reports, and maintaining documentation. The presentation concludes by thanking attendees and providing contact information for further discussion.
More Related Content
What's hot
What's hot (19)
Similar to How to Achieve PCI Compliance with an Enterprise Job Scheduler
Similar to How to Achieve PCI Compliance with an Enterprise Job Scheduler (20)
More from HelpSystems
More from HelpSystems (20)
Recently uploaded
Recently uploaded (20)
How to Achieve PCI Compliance with an Enterprise Job Scheduler
- 1. How to Achieve PCI Compliance with an Enterprise Job Scheduler © HelpSystems. Company Confidential. All trademarks and registered trademarks contained herein are the property of their respective owners.
- 2. © HelpSystems3/9/2015 2 Pat Cameron Director of Automation Technology Compliance and Automation Robin Tatam, CISM Director of Security Technologies
- 3. © HelpSystems3/9/2015 3 • PCI Security Standards – What is PCI? – PCI Requirements • Job Scheduler – How can automation help? – Secure systems – Documentation – System availability Today’s Agenda
- 4. © HelpSystems3/9/2015 4 What is PCI?
- 5. © HelpSystems3/9/2015 5 • What is PCI DSS? – Payment Card Industry (PCI) Data Security Standard (DSS) • Developed to encourage and enhance cardholder data security • Facilitates the broad adoption of consistent data security measures globally – PCI DSS Requirements & Security Assessment Procedures • Uses the 12 PCI DSS requirements as its foundation • Combines them with corresponding testing procedures – Designed for use by assessors conducting on-site reviews for: • Merchants • Service providers Overview of PCI
- 6. © HelpSystems3/9/2015 6 • Each card issuing brand has its own set of validation & reporting requirements: – Any entity that stores, processes, and/or transmits cardholder data must comply with PCI DSS – Entities may include but are not limited to: • Merchants • Service providers Who must comply with PCI DSS?
- 7. © HelpSystems3/9/2015 7 JANUARY 1 ALL YEAR NOVEMBER DECEMBER 31 APRIL-AUGUST NOVEMBER-APRIL MAY-JULY NOVEMBER KEY DATES Best practices for v3 become requirements June 2015 PCI = 3yr Lifecycle
- 8. © HelpSystems3/9/2015 8 V3 = More Clarity and Guidance
- 9. © HelpSystems3/9/2015 9 Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain Vulnerability Management Program 5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security Policy 12. Maintain a policy that addresses information security for all personnel The 12 Requirements of PCI DSS
- 10. © HelpSystems3/9/2015 10 • Develop and maintain secure systems and applications – Change control – Development and test separate from production – Control access to production systems – Database replication for disaster recovery Requirement #6
- 11. © HelpSystems3/9/2015 11 Control access to production systems High Availability option Requirement #6
- 12. © HelpSystems3/9/2015 12 • Restrict access to cardholder data by business need-to- know – Limit access to system components and cardholder data – Establish access control for systems with multiple users Requirement #7
- 13. © HelpSystems3/9/2015 13 Limit access to system components Limit access for multiple users Requirement #7
- 14. © HelpSystems3/9/2015 14 • Track and monitor all access to network resources and cardholder data – Audit history trail – Exception reports • Job history • Job monitors • Agent event history – Archive logs Requirement #10
- 15. © HelpSystems3/9/2015 15 Audit history Exception Reports Requirement #10
- 16. © HelpSystems3/9/2015 16 • Maintain a policy that addresses information security – Documentation – Role security – Audit – Reporting – Exceptions Requirement #12
- 17. © HelpSystems3/9/2015 17 Requirement #10 Audit history Role Security Exception Reports
- 18. © HelpSystems3/9/2015 18 Skybot Scheduler
- 19. © HelpSystems3/9/2015 19 800-328-1000 or +1 952-933-0609 www.helpsystems.com pat.cameron@helpsystems.com robin.tatam@powertech.com Thank You for Joining Us!Thank you for joining us!