Tizor_Data-Best-Practices.ppt

Best Practices for PCI Compliance New England ISSA Chapter Meeting July 19, 2007

The PCI-DSS Requirement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],* Best Practice until June 30, 2008 when it becomes a requirement

What is PCI SSC? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Best Practices for Data Protection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What are Assessors looking for? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

A Closer Look at PCI and Data Protection File Server Mainframe Database Log Encrypt External Users Internal Users Requirement 1: Install and Maintain a Firewall Configuration Requirement 8: Assign a Unique ID to Each Person Firewall IAM Requirement 3: Protect Stored Cardholder Data Data Protection Requirement 4: Encrypt Network Transmissions of Data Requirement 7: Implement Strong Access Control Requirement 10: Track and Monitor All Access to Cardholder Data

Challenges With PCI & Data Protection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Its Time to Re-Think Data Protection The Layered Data Defense System ,[object Object],[object Object],CMF email FTP Other Data Auditing End Point Monitoring PC Laptop Server File Server Mainframe Database Monitor Audit Alert Users Encryption Foundation Security Event Management

Data Auditing & Protection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],How Do You Protect Your Data ? What Are They Doing With the Data? Where is Your Data & Who’s Accessing It?

A New Approach to Data Auditing ,[object Object],[object Object],Decode network and local SQL and file server traffic Policy-driven audit of activity by location, operation, content, users, etc. Intelligent analytics to identify anomalous user behavior and issue alerts Reports provide detailed and summary view into activity

The importance of discovery ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Automate Data Policies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Monitor Activity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Protect Data ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Beyond PCI ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Questions? Michael Semaniuk 978-243-3212 [email_address]

Tizor_Data-Best-Practices.ppt

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Tizor_Data-Best-Practices.ppt

Similar to Tizor_Data-Best-Practices.ppt (20)

More from webhostingguy

More from webhostingguy (20)

Tizor_Data-Best-Practices.ppt