PCI PIN, PCI
CRYPTOGRAPHY &
KEY MANAGEMENT
Webinar
Objectives
Introduction to PCI PIN
Scope and Applicability of PCI PIN
Basics of cryptography
Best practices in Key Management
PCI PIN certification process.
QnA
FREE COMPLIANCE CONTENT
Subscribe to our YouTube channel:
https://www.youtube.com/c/vistainfosecofficial
View up-to-date informative videos free on
-PCI DSS
-HIPAA
-GDPR
-SOC 1/2
-Ethical Hacking
"It is not the answer that enlightens, but the question." (Decouvertes)
ABOUT ME
Mr. Sahoo carries over 25 years of experience in the IT industry, of which the last 15 years have been dedicated to VISTA InfoSec. His professional qualifications include PCI QSA, CISA, CISSP, CRISC and ISO 27001 Lead Assessor. Starting off as an assembly language programmer, with the advent of networking and the Internet in India he moved into networking and IT management, of which InfoSec was a natural progression.
A well-versed professional with proficiency in globally recognized standards such as ISO 27001, PCI DSS, ITIL/ISO 20000 and COBIT, and in many international regulations such as HIPAA, CSV, SOX, SSAE16 and SOC, Mr. Sahoo has conducted IT consulting and assessments for large banks, software development organizations, research and development companies and BPOs in India and overseas. Well versed in strategy development and with an astute technical background, he has audited, designed and strategized for a wide variety of information security and networking technologies. He has provided consulting services for premier organizations such as the Tata Group, Shell Oil and Cipla, numerous payment processing organisations, and a host of banks including the Reserve Bank of India, as well as the Indian armed forces.
He has recently been awarded the "Crest of Honor" by the Indian Navy for his contributions. He was inducted into the CSI Hall of Fame for his significant contributions to the fraternity.
Sectors: has worked in all verticals, ranging from Government/PSU, BFSI and Pharma to Manufacturing, ITES, etc.
NARENDRA SAHOO
Designation: Director
Certifications: PCI QPA, PCI QSA, CISSP, CISA, CRISC, ISO 27001 LA
Experience: 25 Years
Ending Survey pls…
Please do complete our brief survey at the end and leave your
comments
PCI SSC STANDARDS
PCI SSC - The Standards
PCI PED addresses device characteristics impacting the security of the PIN Entry Device (PED) during financial transactions.
PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where those applications are sold, distributed, or licensed to third parties.
PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data, and specifically to those system components included in or connected to the cardholder data environment (the part of the network with cardholder data).
Figure: how the three standards map onto a payment environment
- Stand-alone PED device, and PEDs integrated with payment applications (POS, ATM): PCI PED applies - PED device only
- Payment applications (e.g. shopping cart, POS), and payment applications in merchants'/service providers' environment**: PA DSS may apply*
- Merchants' and service providers' cardholder data environment: PCI DSS applies - systems & networks
Standards Overview
PCI Standards Framework
Objective of PCI PIN
- Identifies minimum security requirements for PIN-based interchange transactions.
- Outlines the minimum acceptable requirements for securing PINs and encryption keys.
- Assists all retail electronic payment system participants in establishing assurances that cardholder PINs will not be compromised.
Applicability of PCI PIN
Secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.
Standard layout
Transaction Processing Operations
- 7 Control Objectives
Normative Annex A – Symmetric Key Distribution using Asymmetric Keys
- Acquiring entities involved in the implementation of symmetric key distribution using asymmetric keys (remote key distribution), or those entities involved in the operation of Certification Authorities for such purposes
- A1 – 6 Control Objectives. Remote Key Distribution Using Asymmetric Techniques Operations
- A2 – 7 Control Objectives. Certification and Registration Authority Operations
Normative Annex B – Key-Injection Facilities
- Entities that operate key-injection facilities for the injection of keys (key-encipherment keys (KEKs), PIN-encipherment keys (PEKs), etc.) that are used for the acquisition of PIN data
- 7 Control Objectives
Normative Annex C – Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms
Requirements layout
Transaction Processing Operations
Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure.
Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys.
Control Objective 3: Keys are conveyed or transmitted in a secure manner.
Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.
Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage.
Control Objective 6: Keys are administered in a secure manner.
Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner.
Normative Annex A – Symmetric Key Distribution using Asymmetric Techniques
A1 – Remote Key Distribution Using Asymmetric Techniques Operations
Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure.
Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys.
Control Objective 3: Keys are conveyed or transmitted in a secure manner.
Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.
Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage.
Control Objective 6: Keys are administered in a secure manner.
Normative Annex A – Symmetric Key Distribution using Asymmetric Techniques
A2 – Certification and Registration Authority Operations
Control Objective 3: Keys are conveyed or transmitted in a secure manner.
Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.
Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage.
Control Objective 6: Keys are administered in a secure manner.
Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner.
Normative Annex B – Key Injection Facilities
Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure.
Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys.
Control Objective 3: Keys are conveyed or transmitted in a secure manner.
Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner.
Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage.
Control Objective 6: Keys are administered in a secure manner.
Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner.
Normative Annex C – Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms
The following are the minimum key sizes and parameters for the algorithm(s) in question that must be used in connection with key transport, exchange, or establishment and for key or data protection:
Basics of Cryptography
Index
- Introduction
- What is Cryptography?
- Purpose of cryptography
- Architecture of cryptography
- Types of cryptography
- Process of cryptography
- Types of cryptographic algorithms
- Attacks on cryptography
- Conclusion
- References
INTRODUCTION
The Internet is a global connection of computer networks, with its various addresses administered by the IANA (Internet address and Naming Authority).
Internet security has many aspects and covers a range of applications, from secure commerce and payments to private communications and the protection of passwords.
Cryptography is one critical aspect of secure communications.
What is Cryptography?
Cryptography is a term derived from the Greek word "Krypto", which means "Hidden Secrets".
Cryptography is a technique for hiding information.
The method involves securing communication/data by encrypting readable data into a coded format, using special characters in place of plain letters.
This process or technique facilitates Confidentiality, Integrity, and Accuracy.
PURPOSE OF CRYPTOGRAPHY
Authentication: Proves one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensures the confidentiality of data, because the text is encrypted and can only be read by the intended person.
Integrity: Assures that the data received by the receiver has not been compromised or altered in any way from the original.
Non-repudiation: A mechanism to prove that the data/message was originally sent by the sender himself.
Architecture of cryptography
Figure: the three primitives combined in one exchange from Alice to Bob
- Hash function, then public key crypto with Alice's private key, applied to Alice's message: Digital Signature
- Secret key crypto with a random session key, applied to Alice's message: Encrypted Message
- Public key crypto with Bob's public key, applied to the random session key: Encrypted Session Key
- Digital Envelope (Encrypted Message + Encrypted Session Key), together with the Digital Signature: Sent to Bob
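The figure above combines a hash function, secret key crypto and public key crypto in one exchange. The following Go program is an added example, not code from the webinar deck or from VISTA InfoSec, that carries that exchange through end to end with the standard library: RSA-PSS over SHA-256 for the digital signature, AES-256-GCM under a random session key for the message, and RSA-OAEP under Bob's public key for the session key. The Seal and Open function names, the Envelope type, the use of AES-GCM and the 2048-bit RSA keys are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Alice sends to Bob: the message under a random session
// key, the session key under Bob's public key, and Alice's signature.
type Envelope struct {
	Nonce      []byte // AES-GCM nonce for the message
	Ciphertext []byte // encrypted message (GCM tag appended)
	WrappedKey []byte // encrypted session key: RSA-OAEP under Bob's public key
	Signature  []byte // digital signature: RSA-PSS over SHA-256(message), Alice's private key
}

// Seal builds the envelope along the three paths of the figure.
func Seal(alicePriv *rsa.PrivateKey, bobPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	// Path 1: hash function + Alice's private key -> digital signature.
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, alicePriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// Path 2: random session key + secret-key crypto -> encrypted message.
	sessionKey := make([]byte, 32) // AES-256 (example choice)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	aead, err := gcm(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, msg, nil)
	// Path 3: Bob's public key + public-key crypto -> encrypted session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: ct, WrappedKey: wrapped, Signature: sig}, nil
}

// Open is Bob's side: recover the session key, decrypt the message, then
// verify the signature is Alice's. Any failure yields an error and no plaintext.
func Open(bobPriv *rsa.PrivateKey, alicePub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, bobPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: envelope was not made for this recipient")
	}
	aead, err := gcm(sessionKey)
	if err != nil {
		return nil, err
	}
	msg, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message failed authentication: modified in transit")
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(alicePub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify under Alice's public key")
	}
	return msg, nil
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Seal(alice, &bob.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	msg, err := Open(bob, &alice.PublicKey, env)
	fmt.Printf("recovered %q, err=%v\n", msg, err)
}
```

Note that in the figure's layout the signature is computed over the plaintext, so Bob must decrypt before he can verify it; a tampered ciphertext is caught by the GCM tag, and a message signed by anyone other than Alice is rejected at the last step.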
Types of Cryptography
Secret Key Cryptography
- A single key is used to encrypt and decrypt data.
- Both the sender and the receiver need to know the key.
- Assuming we live in a hostile environment (otherwise, why the need for cryptography?), it may be hard to share a secret key.
Public Key Cryptography
- Each entity has 2 keys:
  - Private key (a secret)
  - Public key (well known)
- One of the keys allocated to each person is called the "public key". It is published in an open directory where it is visible/accessible to everyone (for example, by email address).
Using Keys
- Private keys are used for decrypting.
- Public keys are used for encrypting.
Process of
cryptography
TYPES OF CRYPTOGRAPHIC ALGORITHMS
PUBLIC/PRIVATE KEY CRYPTOGRAPHY
Asymmetric key cryptography, which uses a pair of different encryption and decryption keys, helps overcome the key management problem.
Knowing just one key, say the encryption key, is not sufficient to determine the other (decryption) key.
The mathematical relationship between the public/private key pair follows a standard rule: any message encrypted with one key of the pair can only be decrypted with its counterpart key.
Hash Functions
A hash function is a one-way function, fundamental to most parts of cryptography.
A one-way function simply means it is easy to calculate but hard to invert: calculating the input to the function may be difficult, given its output.
The meanings of "easy" and "hard" can be precisely defined mathematically.
With rare exceptions, almost the entire field of public key cryptography rests on the existence of one-way functions.
Attacks on cryptography
Ciphertext-only attack
- The only data available is a target ciphertext.
Known-plaintext attack
- A target ciphertext
- Pairs of other ciphertexts and plaintexts (say, previously broken or guessed)
Chosen-plaintext attack
- A target ciphertext
- The attacker can obtain the matching ciphertext for plaintexts of their choosing by feeding them to the encryption algorithm.
Chosen-ciphertext attack
- A target ciphertext
- The attacker can obtain the matching plaintext for ciphertexts of their choosing by feeding them to the decryption algorithm.
Certification Process
Basics of key management
Key Management in Cryptography
- What is Key Management?
- Why is Key Management a topic of discussion?
- Different Key Management techniques
- About the Key Management life cycle
Key Management in Cryptography
Definition: Key Management is a set of techniques and procedures that supports the establishment and maintenance of keying relationships between authorized parties.
A keying relationship is a process wherein two entities that share common data (keying material) are enabled to use the techniques of cryptography.
The data shared between the two parties may include public or secret keys, initialization values, and additional non-secret parameters.
Key Management in Cryptography (cont.)
Key Management techniques and procedures support:
- Initialization of system users within a domain;
- Generation, distribution, and installation of keying material;
- Controlling the use of keying material;
- Update, revocation, and destruction of keying material;
- Storage, backup/recovery, and archival of keying material.
WHY IS KEY MANAGEMENT A TOPIC OF DISCUSSION?
Most attacks are aimed at the Key Management level rather than at the cryptographic algorithm itself.
Key Management objectives, threats, and policy.
Objectives of Key Management:
- Maintain keying relationships and keying material in a manner that counters relevant threats.
- Do so in practice, in conformance with the relevant Security Policy.
Threats
- Compromise of the confidentiality of secret keys.
- Compromise of the authenticity of secret or public keys.
- Unauthorized use of public or secret keys.
Security policy
- Explicitly or implicitly defines the potential threats a system is intended to address.
- Possibly affects the stringency of cryptographic requirements, depending on the susceptibility of the environment in question to various types of attack.
Security Policies specify:
- Practices and procedures to be followed while carrying out the technical and administrative aspects of Key Management, both automated and manual;
- The responsibilities and accountability of each party involved;
- The types of records to be kept, to support subsequent reporting or review of security-related events.
Key Management Techniques
Public-Key vs. Symmetric-Key Techniques
The primary advantages of public-key (vs. symmetric-key) techniques for applications related to key management include:
- Simplified key management
- Online trusted server not required
- Enhanced functionality
Figure: Key management with (a) symmetric-key encryption and (b) public-key encryption.
Key Management Techniques
Techniques for distributing confidential keys: key layering and symmetric-key certificates
Key layering:
- Master keys are at the highest level in the hierarchy.
- Key-encrypting keys are symmetric keys or encryption public keys used for key transport or storage of other keys.
- Data keys provide cryptographic operations on user data.
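In practice the layering is enforced by binding a usage to each key and refusing any operation outside that usage, which is also what Control Objective 5 (keys used in a manner that prevents or detects unauthorized usage) asks for. The following Go program is an added illustration, not code from the deck or from any HSM vendor: it wraps a key-encrypting key under a master key and a data key under the KEK with AES-GCM, carries the usage tag as associated data so that it cannot be altered without the unwrap failing, computes a key check value to confirm a loaded key without revealing it, and refuses a KEK for data encryption or a data key for wrapping. The Usage tags, the AES-GCM wrap, the AES-128 key size and the encrypt-an-all-zero-block check-value method are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Usage is the role a key may play. It is stored with the wrapped key and
// bound into the wrap as associated data, so relabelling a key (say, a KEK
// as a data key) makes the unwrap fail. Real deployments carry this in a
// key block header; the tagging scheme here is an assumption for the example.
type Usage string

const (
	UsageMaster Usage = "MASTER" // highest level; wraps KEKs only
	UsageKEK    Usage = "KEK"    // key-encrypting key: wraps other keys
	UsageData   Usage = "DATA"   // data key: operations on user data only
)

type Key struct {
	Usage Usage
	Bytes []byte
}

// WrappedKey is a child key protected under its parent (AES-GCM).
type WrappedKey struct {
	Usage Usage
	Nonce []byte
	Blob  []byte
}

// NewKey generates a random AES-128 key of the given usage.
func NewKey(u Usage) (*Key, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return &Key{Usage: u, Bytes: b}, nil
}

// KCV is the key check value: the first three bytes of the key's encryption
// of an all-zero block (legacy check-value method, chosen here for simplicity).
func KCV(k *Key) string {
	block, err := aes.NewCipher(k.Bytes)
	if err != nil {
		return ""
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return hex.EncodeToString(out[:3])
}

func gcmFor(k *Key) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.Bytes)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap protects child under parent, enforcing the layering: data keys never
// wrap, and a master key wraps KEKs only.
func Wrap(parent, child *Key) (*WrappedKey, error) {
	if parent.Usage == UsageData || (parent.Usage == UsageMaster && child.Usage != UsageKEK) {
		return nil, fmt.Errorf("%s key may not wrap a %s key", parent.Usage, child.Usage)
	}
	aead, err := gcmFor(parent)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := aead.Seal(nil, nonce, child.Bytes, []byte(child.Usage))
	return &WrappedKey{Usage: child.Usage, Nonce: nonce, Blob: blob}, nil
}

// Unwrap recovers the child; the wrong parent or an altered usage tag fails.
func Unwrap(parent *Key, w *WrappedKey) (*Key, error) {
	if parent.Usage == UsageData {
		return nil, errors.New("a data key may not unwrap keys")
	}
	aead, err := gcmFor(parent)
	if err != nil {
		return nil, err
	}
	raw, err := aead.Open(nil, w.Nonce, w.Blob, []byte(w.Usage))
	if err != nil {
		return nil, errors.New("unwrap failed: wrong parent key or altered usage tag")
	}
	return &Key{Usage: w.Usage, Bytes: raw}, nil
}

// EncryptData is the data-key operation; KEKs and master keys are refused.
// The nonce is prepended to the output.
func EncryptData(k *Key, plaintext []byte) ([]byte, error) {
	if k.Usage != UsageData {
		return nil, errors.New("only a data key may encrypt user data")
	}
	aead, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func main() {
	master, _ := NewKey(UsageMaster)
	kek, _ := NewKey(UsageKEK)
	data, _ := NewKey(UsageData)
	wk, _ := Wrap(master, kek)
	wd, _ := Wrap(kek, data)
	fmt.Println("data key KCV:", KCV(data), "wrapped sizes:", len(wk.Blob), len(wd.Blob))
	_, err := EncryptData(kek, []byte("constructed sample data"))
	fmt.Println("KEK used on user data:", err)
}
```

The check value lets an operator confirm that the key recovered after Unwrap is the one that was wrapped (same KCV) without ever seeing the key bytes, which is the purpose a KCV serves during key loading.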
Key Management Life Cycle
Key Management is simplest when all cryptographic keys are fixed for all time.
Cryptoperiods necessitate the update of keys.
This in turn necessitates additional procedures and protocols, including communications with third parties in public-key systems.
The sequence of states through which keying material progresses over its lifetime is called the key management life cycle.
Key Management Life Cycle
Life cycle stages may include:
- User registration
- User initialization
- Key generation
- Key installation
- Key registration
- Normal use
- Key backup
- Key update
- Archival
- Key de-registration and destruction
- Key recovery
- Key revocation
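To make the life cycle concrete, the following Go program is an added example (not material from the deck) that models the stages listed above as a state machine: a key moves only along permitted transitions, every cryptographic use is authorized against the key's state and cryptoperiod, a key found past its cryptoperiod is expired automatically with the reason recorded, and key update de-registers the old key and starts a successor at generation. The transition table, the ManagedKey type and the one-year cryptoperiod are assumptions of the example, and backup and recovery are left out of the state set because they do not change a key's position in the cycle.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// State is a stage in the key management life cycle. The set and the
// permitted moves between them follow the deck's stage list; the exact
// transition table is an assumption for this example.
type State string

const (
	Generated    State = "generated"
	Installed    State = "installed"
	Registered   State = "registered"
	Active       State = "active"  // normal use
	Expired      State = "expired" // cryptoperiod over, awaiting key update
	Revoked      State = "revoked"
	Deregistered State = "deregistered"
	Archived     State = "archived"
	Destroyed    State = "destroyed"
)

var allowed = map[State][]State{
	Generated:    {Installed, Destroyed},
	Installed:    {Registered, Destroyed},
	Registered:   {Active},
	Active:       {Expired, Revoked},
	Expired:      {Deregistered},
	Revoked:      {Deregistered},
	Deregistered: {Archived, Destroyed},
	Archived:     {Destroyed},
}

// ManagedKey tracks one key's position in the life cycle and the audit
// trail of every move (the key material itself is out of scope here).
type ManagedKey struct {
	ID           string
	State        State
	ActivatedAt  time.Time
	Cryptoperiod time.Duration
	History      []string
}

// Transition moves the key to a new state if the life cycle permits it
// and records the move.
func (k *ManagedKey) Transition(to State, now time.Time) error {
	for _, s := range allowed[k.State] {
		if s != to {
			continue
		}
		k.History = append(k.History, fmt.Sprintf("%s %s: %s -> %s",
			now.UTC().Format(time.RFC3339), k.ID, k.State, to))
		k.State = to
		if to == Active {
			k.ActivatedAt = now
		}
		return nil
	}
	return fmt.Errorf("key %s: %s -> %s is not a permitted transition", k.ID, k.State, to)
}

// Authorize is the check made before every cryptographic use: the key must
// be in normal use and inside its cryptoperiod. A key past its cryptoperiod
// is moved to Expired so the audit trail shows why use stopped.
func (k *ManagedKey) Authorize(now time.Time) error {
	if k.State != Active {
		return fmt.Errorf("key %s is %s, not in normal use", k.ID, k.State)
	}
	if now.After(k.ActivatedAt.Add(k.Cryptoperiod)) {
		_ = k.Transition(Expired, now)
		return errors.New("cryptoperiod exceeded: key update required")
	}
	return nil
}

// Update is the key-update stage: the expired or revoked key is
// de-registered and a successor enters the life cycle from the start.
func Update(old *ManagedKey, successorID string, now time.Time) (*ManagedKey, error) {
	if old.State != Expired && old.State != Revoked {
		return nil, errors.New("only an expired or revoked key is replaced")
	}
	if err := old.Transition(Deregistered, now); err != nil {
		return nil, err
	}
	return &ManagedKey{ID: successorID, State: Generated, Cryptoperiod: old.Cryptoperiod}, nil
}

func main() {
	now := time.Now()
	k := &ManagedKey{ID: "kek-01", State: Generated, Cryptoperiod: 365 * 24 * time.Hour}
	for _, s := range []State{Installed, Registered, Active} {
		if err := k.Transition(s, now); err != nil {
			panic(err)
		}
	}
	fmt.Println("use today:", k.Authorize(now))
	fmt.Println("use in two years:", k.Authorize(now.Add(2*365*24*time.Hour)))
	for _, h := range k.History {
		fmt.Println(h)
	}
}
```

Putting the cryptoperiod check in front of every use, rather than in a periodic review, is what turns the cryptoperiod from a documented number into a control that actually stops an over-aged key from being used.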
Thank You
Please do complete our brief survey at the end and leave your
comments
Past Webinars
PCI DSS - Managing your outsourced vendor.
Log Management and reporting for the PCI environment.
Best practices in Ecommerce security.
PCI DSS and the Cloud – Top risks and Mitigations
Wireless in the PCI environment – Top risks and Mitigations
PCI DSS in the virtualized environment – Top risks and Mitigations
Targeted attacks: Spear Phishing and Social Engineering.
PCI DSS Scoping and Segmentation.
Managing Data Leakage in your PCI environment.
Strategies for migration from early TLS and SSL.
Using PCI DSS for GDPR Compliance
Using ISO27001 for PCI DSS
SOC2 and YOU
GDPR – Are you ready
SOC2 – Beyond the myth
GDPR – Steps to a successful DPIA
Blockchain – A crash course – What is it, potential uses and pitfalls
Past Webinars
Tackling Security in the Cloud: CASB to the rescue
HIPAA – Basics and Beyond…
Using SOC2 for HIPAA Compliance
Developing a Cyber Security framework using NIST
SOC for CyberSecurity
Rights of Data Subjects – GDPR and PDPA
SOC2 Compliance and the Cloud
Debunking Top 10 myths of PCI DSS
Achieving PCI DSS in 90 days
FDA CFR Part 11 - What's the hype all about
Achieving SOC2 Compliance in 90 days – Is it possible?
Step by step approach to PDPA compliance
Steps for Compliance with NIST 800-171
PCI DSS - 5 Simple Techniques to reduce scope
SOC2 and CCM
Intalks with Nitin Bhatnagar (PCI Council) - Meeting Payment Security Needs Now and for the Future
Past Webinars
Covid 19 and Business Continuity
PA DSS and PCI SSF – How they match up and how they map
PCI PIN, PCI Cryptography & Key Management
Webinar - PCI PIN, PCI cryptography & key management

Reducing cardholder data footprint with tokenization and other techniques
VISTA InfoSec
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy Act
VISTA InfoSec
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
VISTA InfoSec
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
VISTA InfoSec
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?
VISTA InfoSec
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow Mapping
VISTA InfoSec
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
VISTA InfoSec
 
Which SOC Report Do I need?
Which SOC Report Do I need?Which SOC Report Do I need?
Which SOC Report Do I need?
VISTA InfoSec
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRA
VISTA InfoSec
 
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
VISTA InfoSec
 
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide! SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
VISTA InfoSec
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with links
VISTA InfoSec
 

More from VISTA InfoSec (20)

How to Conduct an ISO 27001 Risk Assessment That Works
How to Conduct an ISO 27001 Risk Assessment That WorksHow to Conduct an ISO 27001 Risk Assessment That Works
How to Conduct an ISO 27001 Risk Assessment That Works
 
How to Choose Right PCI SAQ for Your Business.pdf
How to Choose Right PCI SAQ for Your Business.pdfHow to Choose Right PCI SAQ for Your Business.pdf
How to Choose Right PCI SAQ for Your Business.pdf
 
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
 
CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdf
 
HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022
 
SOC2 Advisory and Attestation
SOC2 Advisory and AttestationSOC2 Advisory and Attestation
SOC2 Advisory and Attestation
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
 
Webinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicable
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy Act
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow Mapping
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Which SOC Report Do I need?
Which SOC Report Do I need?Which SOC Report Do I need?
Which SOC Report Do I need?
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRA
 
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
 
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide! SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with links
 

Recently uploaded

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 

Webinar - PCI PIN, PCI cryptography & key management

  • 1. PCI PIN, PCI CRYPTOGRAPHY & KEY MANAGEMENT
  • 2. Webinar Objectives Introduction to PCI PIN Scope and Applicability of PCI PIN Basics of cryptography Best practices in Key Management PCI PIN certification process. QnA
  • 3. FREE COMPLIANCE CONTENT Subscribe to our YouTube channel: https://www.youtube.com/c/vistainfosecofficial View up-to-date informative videos free on -PCI DSS -HIPAA -GDPR -SOC 1/2 -Ethical Hacking
  • 4. •It is not the answer that enlightens, but the question. Decouvertes
  • 5. ABOUT ME Mr. Sahoo carries over 25 years of experience in the IT industry, of which the last 15 years have been dedicated to VISTA InfoSec. His professional qualifications include PCI QSA, CISA, CISSP, CRISC and ISO 27001 Lead Assessor. Starting off as an assembly language programmer, with the advent of networking and the Internet in India he moved on into networking and IT management, of which InfoSec was a natural progression. A very well versed professional with proficiency in globally recognized standards such as ISO 27001, PCI DSS, ITIL/ISO 20000, COBIT and many international regulations such as HIPAA, CSV, SOX, SSAE16, SOC, etc., Mr. Sahoo has conducted IT consulting and assessments for large Banks, Software development organizations, Research & Development companies and BPOs in India and overseas. Well versed with strategy development and an astute technical background, he has audited, designed and strategized for a wide variety of information security and networking technologies. He has provided consulting services for premier organizations such as Tata Group, Shell Oil, Cipla, numerous payment processing organisations and a host of banks including the Reserve Bank of India and the Indian armed forces. He has recently been awarded the “Crest of Honor” by the Indian Navy for his contributions. He was inducted into the CSI – Hall of Fame for his significant contributions to the fraternity. Sectors: worked in all verticals ranging from Government/PSU, BFSI, Pharma, Manufacturing, ITES etc. NARENDRA SAHOO. Designation: Director. Certifications: PCI QPA, PCI QSA, CISSP, CISA, CRISC, ISO27001 LA. Experience: 25 Years
  • 10. Ending Survey pls… Please do complete our brief survey at the end and leave your comments
  • 12. PCI SSC - The Standards: PCI PED, PCI PA-DSS, PCI DSS. PCI PED addresses device characteristics impacting the security of the PIN Entry Device (PED) during financial transactions. PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where those applications are sold, distributed, or licensed to third parties. PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data, and specifically to those system components included in or connected to the cardholder data environment (the part of the network with cardholder data). PEDs integrated with payment applications (POS, ATM) and stand-alone PED devices: PCI PED applies - PED device only. Payment applications (e.g. shopping cart, POS) and payment applications in merchants'/service providers' environment**: PA-DSS may apply*. Merchants' and service providers' cardholder data environment: PCI DSS applies - systems & networks.
  • 15. Objective of PCI PIN Identifies minimum security requirements for PIN-based interchange transactions. Outlines the minimum acceptable requirements for securing PINs and encryption keys. Assists all retail electronic payment system participants in establishing assurances that cardholder PINs will not be compromised.
  • 16. Applicability of PCI PIN Secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.
  • 17. Standard layout: Transaction Processing Operations - 7 Control Objectives. Normative Annex A – Symmetric Key Distribution using Asymmetric Keys: acquiring entities involved in the implementation of symmetric key distribution using asymmetric keys (remote key distribution) or those entities involved in the operation of Certification Authorities for such purposes. A1 – Remote Key Distribution Using Asymmetric Techniques Operations - 6 Control Objectives. A2 – Certification and Registration Authority Operations - 7 Control Objectives. Normative Annex B – Key-Injection Facilities: entities that operate key-injection facilities for the injection of keys (key-encipherment keys (KEKs), PIN-encipherment keys (PEKs), etc.) that are used for the acquisition of PIN data - 7 Control Objectives. Normative Annex C – Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms.
  • 19. Transaction Processing Operations Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure. Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys. Control Objective 3: Keys are conveyed or transmitted in a secure manner Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner. Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage. Control Objective 6: Keys are administered in a secure manner. Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner
  • 20. Normative Annex A – Symmetric Key Distribution using Asymmetric Techniques A1 – Remote Key Distribution Using Asymmetric Techniques Operations Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure. Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys. Control Objective 3: Keys are conveyed or transmitted in a secure manner Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner. Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage Control Objective 6: Keys are administered in a secure manner
  • 21. Normative Annex A – Symmetric Key Distribution using Asymmetric Techniques A2 – Certification and Registration Authority Operations Control Objective 3: Keys are conveyed or transmitted in a secure manner Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner. Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage. Control Objective 6: Keys are administered in a secure manner. Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner
  • 22. Normative Annex B – Key Injection Facilities Control Objective 1: PINs used in transactions governed by these requirements are processed using equipment and methodologies that ensure they are kept secure. Control Objective 2: Cryptographic keys used for PIN encryption/decryption and related key management are created using processes that ensure that it is not possible to predict any key or determine that certain keys are more probable than other keys. Control Objective 3: Keys are conveyed or transmitted in a secure manner Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner. Control Objective 5: Keys are used in a manner that prevents or detects their unauthorized usage. Control Objective 6: Keys are administered in a secure manner. Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner
  • 23. Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms The following are the minimum key sizes and parameters for the algorithm(s) in question that must be used in connection with key transport, exchange, or establishment and for key or data protection: Normative Annex C
  • 25. Index: Introduction; What is Cryptography?; Purpose of cryptography; Architecture of cryptography; Types of cryptography; Process of cryptography; Types of cryptography algorithms; Attacks of cryptography; Conclusion; References
  • 26. INTRODUCTION The Internet is a global connection of computer networks, with its various addresses administered by the IANA (Internet address and Naming Authority). There are many aspects to internet security, which involve a range of applications, from secure commerce and payments to private communications and protecting passwords. Cryptography is one critical aspect of secure communications.
  • 27. What is Cryptography? Cryptography is a term derived from the Greek word “Krypto”, which means “hidden secrets”. Cryptography is a technique of hiding information. The method involves securing communication/data by encrypting readable data into a coded format, using special characters in place of plain letters. This process or technique facilitates Confidentiality, Integrity, and Accuracy.
  • 28. PURPOSE OF CRYPTOGRAPHY Authentication: proves one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.) Privacy/confidentiality: ensures confidentiality of data, for the text is encrypted and can only be read by the intended person. Integrity: assures that the data received by the receiver is not compromised or altered in any way from the original. Non-repudiation: a mechanism to prove that the data/message was originally sent by the sender.
  • 29. Architecture of cryptography (hash function, public key crypto, secret key crypto): Alice's message is hashed and the hash is encrypted with Alice's private key (public key crypto) to produce the digital signature; the message is encrypted with a random session key (secret key crypto) to produce the encrypted message; the random session key is encrypted with Bob's public key (public key crypto) to produce the encrypted session key. The encrypted message and the encrypted session key form the digital envelope, which is sent to Bob together with the digital signature.
  • 30. Types of Cryptography. Secret Key Cryptography: a single key is used to encrypt and decrypt data. Both the sender and the receiver need to be aware of the key. Assuming we live in a hostile environment (otherwise, why the need for cryptography?), it may be hard to share a secret key.
  • 31. Public Key Cryptography: each entity has 2 keys - a private key (a secret) and a public key (well known). The public key allocated to each person is published in an open directory where it is visible/accessible to everyone (for example, by email address).
  • 32. Using Keys Private keys are used for decrypting. Public keys are used for encrypting.
  • 35. PUBLIC/PRIVATE KEY CRYPTOGRAPHY Asymmetric key cryptography, which uses a different encryption and decryption key pair, helps overcome the key management problem. Knowing just a single key, say the encryption key, is not sufficient to determine the other, decryption key. The mathematical relationship between the public/private key pair follows a standard rule: any message encrypted with one key of the pair can only be decrypted with its counterpart key.
  • 36. Hash Functions A hash function is a one-way function, fundamental to most parts of cryptography. A one-way function simply means it is easy to calculate but hard to invert: calculating the input to the function may be difficult, given its output. The meanings of "easy" and "hard" can be precisely defined mathematically. With rare exceptions, almost the entire field of public key cryptography rests on the existence of one-way functions.
  • 37. Attacks on cryptography. Ciphertext-only attack: the only data available is a target ciphertext. Known-plaintext attack: a target ciphertext, plus pairs of other ciphertext and plaintext (say, previously broken or guessed).
  • 38. Attacks on cryptography. Chosen-plaintext attack: a target ciphertext; the attacker can obtain the matching ciphertext for plaintexts of their choice by feeding them to the encryption algorithm. Chosen-ciphertext attack: a target ciphertext; the attacker can obtain the matching plaintext for ciphertexts of their choice by feeding them to the decryption algorithm.
  • 41. Key M anag ement in Cryptography What is Key Management? Why is Key Management a topic of disc ussion? Different Key Management Techniques About Key Management Life Cycle
  • 42. Key Management in Cryptography Definition: Key Management is the set of techniques and procedures that support the establishment and maintenance of keying relationships between authorized parties. A keying relationship is the state in which two entities share common data (keying material) that enables cryptographic techniques between them. The data shared between the parties may include public or secret keys, initialization values, and additional non-secret parameters.
  • 43. Key Management in Cryptography (cont.) Key Management techniques and procedures support: initialization of system users within a domain; generation, distribution, and installation of keying material; controlling the use of keying material; update, revocation, and destruction of keying material; storage, backup/recovery, and archival of keying material.
  • 44. WHY IS KEY MANAGEMENT A TOPIC OF DISCUSSION? Most practical attacks target the key management layer rather than the cryptographic algorithm itself. Three aspects matter: the objectives of Key Management, the threats it faces, and the security policy it operates under. Objective of Key Management: maintain keying relationships and keying material in a manner that counters the relevant threats, in practice in conformance with the relevant security policy.
  • 45. WHY IS KEY MANAGEMENT A TOPIC OF DISCUSSION? Threats: compromise of the confidentiality of secret keys; compromise of the authenticity of secret or public keys; unauthorized use of public or secret keys (for example, use of a key that has expired or been revoked, or use for a purpose other than the one intended).
  • 46. WHY IS KEY MANAGEMENT A TOPIC OF DISCUSSION? Security policy: explicitly or implicitly defines the threats a system is intended to address, and may affect the stringency of the cryptographic requirements, depending on the susceptibility of the environment in question to the various types of attack.
  • 47. WHY IS KEY MANAGEMENT A TOPIC OF DISCUSSION? Security policies specify: the practices and procedures to be followed in carrying out the technical and administrative aspects of Key Management, both automated and manual; the responsibilities and accountability of each party involved; the types of records to be kept to support subsequent reports or reviews of security-related events.
  • 49. Public-Key vs. Symmetric-Key Techniques The primary advantages of public-key (versus symmetric-key) techniques for applications related to key management are: simplified key management (each party publishes one public key instead of sharing a separate secret with every counterpart); no online trusted server required; enhanced functionality (such as digital signatures and non-repudiation). Key Management Techniques
  • 50. Key management: a) symmetric-key encryption (figure)
  • 51. b) public-key encryption (figure)
  • 52. Techniques for distributing confidential keys Key layering and symmetric-key certificates. Key layering: master keys sit at the highest level of the hierarchy and protect the keys below them; key-encrypting keys are symmetric keys or public encryption keys used for key transport or for storage of other keys; data keys perform cryptographic operations on user data.
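The three-layer hierarchy just described, built as an added example in Go (not code from the deck or from any PCI PIN product). Assumptions: AES-256-GCM with a per-layer label as associated data stands in for a dedicated key-wrap mode such as AES-KW; keys are generated in software rather than inside an HSM; and the 8-byte PIN block is a constructed sample. The point shown is that only the master key is ever in clear, that each wrapped key can only be unwrapped at the layer it was wrapped for, and that the lowest key can be rotated without touching the layers above it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Each layer carries a label as associated data, so a blob wrapped as a data
// key cannot be unwrapped by presenting it as a KEK, or vice versa.
var labelKEK, labelDK, labelPIN = []byte("KEK"), []byte("DATA-KEY"), []byte("PIN-BLOCK")

// NewKey returns n random bytes. In a PIN environment the master key is
// generated and kept inside an HSM; it is in clear here only for illustration.
func NewKey(n int) []byte {
	k := make([]byte, n)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal wraps plaintext under key with AES-256-GCM (stand-in for a dedicated
// key-wrap mode such as AES-KW). Output is nonce || ciphertext || tag.
func seal(key, plaintext, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := NewKey(gcm.NonceSize())
	return append(nonce, gcm.Seal(nil, nonce, plaintext, label)...), nil
}

// open reverses seal; any change to blob, key or label fails the tag check.
func open(key, blob, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped blob too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], label)
}

// Hierarchy is the three layers from the slide. Only the master key is held
// in clear; the KEK is stored wrapped under it, the data key under the KEK.
type Hierarchy struct {
	master, wrappedKEK, wrappedDK []byte
}

func Build() (*Hierarchy, error) {
	h := &Hierarchy{master: NewKey(32)}
	kek, dk := NewKey(32), NewKey(32)
	var err error
	if h.wrappedKEK, err = seal(h.master, kek, labelKEK); err != nil {
		return nil, err
	}
	if h.wrappedDK, err = seal(kek, dk, labelDK); err != nil {
		return nil, err
	}
	return h, nil
}

// dataKey walks down the chain master -> KEK -> data key on demand.
func (h *Hierarchy) dataKey() ([]byte, error) {
	kek, err := open(h.master, h.wrappedKEK, labelKEK)
	if err != nil {
		return nil, err
	}
	return open(kek, h.wrappedDK, labelDK)
}

// Only the data key, the lowest layer, ever touches user data.
func (h *Hierarchy) EncryptPINBlock(pinBlock []byte) ([]byte, error) {
	dk, err := h.dataKey()
	if err != nil {
		return nil, err
	}
	return seal(dk, pinBlock, labelPIN)
}

func (h *Hierarchy) DecryptPINBlock(blob []byte) ([]byte, error) {
	dk, err := h.dataKey()
	if err != nil {
		return nil, err
	}
	return open(dk, blob, labelPIN)
}

// RotateDataKey wraps a fresh data key under the existing KEK. Master key and
// KEK blob are untouched: the most exposed key is the cheapest to change.
func (h *Hierarchy) RotateDataKey() error {
	kek, err := open(h.master, h.wrappedKEK, labelKEK)
	if err != nil {
		return err
	}
	h.wrappedDK, err = seal(kek, NewKey(32), labelDK)
	return err
}

func main() {
	h, _ := Build()
	// Constructed sample: an 8-byte ISO-style PIN block, not real cardholder data.
	blob, _ := h.EncryptPINBlock([]byte{0x04, 0x12, 0x34, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF})
	pt, err := h.DecryptPINBlock(blob)
	fmt.Printf("round trip: % X (err=%v)\n", pt, err)
	_ = h.RotateDataKey()
	_, err = h.DecryptPINBlock(blob)
	fmt.Println("old blob after data-key rotation:", err)
}
```

After rotation the old PIN block no longer decrypts, which is deliberate: data that must outlive a data key has to be re-encrypted under the new one (or the old key archived for decryption only) before the old key is destroyed, which is where the life cycle on the following slides comes in.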
  • 53. Key Management Life Cycle Key Management is simplest when all cryptographic keys are fixed for all time. In practice, cryptoperiods (the limited time for which a key may be used) necessitate key update, which in turn requires additional procedures and protocols, including communications with third parties in public-key systems. The sequence of states through which keying material progresses over its lifetime is called the key management life cycle.
  • 54. Life cycle stages may include: user registration; user initialization; key generation; key installation; key registration; normal use; key backup; key update; archival; key de-registration and destruction; key recovery; key revocation. Key Management Life Cycle
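A minimal enforcement of the life cycle above, as an added example that is not from the deck. It models the stages a key-management system normally checks in code (installation, normal use within a cryptoperiod, update, revocation, destruction); registration, backup, archival and recovery are procedural steps around it and are not modelled. The key IDs, the 90-day cryptoperiod and the dates are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// State is where a key sits in its life cycle. The stages below are the
// subset of the slide's list that a key-management system usually enforces
// by code; registration, backup and archival are procedural around them.
type State int

const (
	Generated   State = iota // material exists, not yet installed
	Active                   // normal use: may protect and process data
	Deactivated              // cryptoperiod ended: may only process (decrypt/verify) existing data
	Revoked                  // compromised or withdrawn: no cryptographic use at all
	Destroyed                // material zeroised; metadata kept for audit
)

func (s State) String() string {
	return [...]string{"Generated", "Active", "Deactivated", "Revoked", "Destroyed"}[s]
}

// Key carries the metadata the life cycle decisions depend on.
type Key struct {
	ID           string
	State        State
	ActivatedAt  time.Time
	Cryptoperiod time.Duration
	material     []byte
}

// allowed lists the permitted transitions; anything else is refused.
var allowed = map[State][]State{
	Generated:   {Active, Destroyed},
	Active:      {Deactivated, Revoked},
	Deactivated: {Revoked, Destroyed},
	Revoked:     {Destroyed},
}

func (k *Key) transition(to State) error {
	for _, s := range allowed[k.State] {
		if s == to {
			if to == Destroyed { // destruction means zeroising the material
				for i := range k.material {
					k.material[i] = 0
				}
				k.material = nil
			}
			k.State = to
			return nil
		}
	}
	return fmt.Errorf("key %s: %v -> %v not permitted", k.ID, k.State, to)
}

// Install moves a generated key into normal use and starts its cryptoperiod.
func (k *Key) Install(now time.Time) error {
	if err := k.transition(Active); err != nil {
		return err
	}
	k.ActivatedAt = now
	return nil
}

func (k *Key) Revoke() error  { return k.transition(Revoked) }
func (k *Key) Destroy() error { return k.transition(Destroyed) }

// Expired reports whether an active key's cryptoperiod has run out.
func (k *Key) Expired(now time.Time) bool {
	return k.State == Active && !now.Before(k.ActivatedAt.Add(k.Cryptoperiod))
}

// CanProtect: only an active key inside its cryptoperiod may encrypt or sign.
func (k *Key) CanProtect(now time.Time) bool { return k.State == Active && !k.Expired(now) }

// CanProcess: active and deactivated keys may still decrypt or verify data
// produced earlier; revoked and destroyed keys may not.
func (k *Key) CanProcess() bool { return k.State == Active || k.State == Deactivated }

// Update is the key-update step: at the end of the cryptoperiod the old key
// is deactivated (kept for processing old data) and a successor is installed.
func Update(old *Key, successor *Key, now time.Time) error {
	if !old.Expired(now) {
		return fmt.Errorf("key %s: cryptoperiod not over, update not due", old.ID)
	}
	if err := old.transition(Deactivated); err != nil {
		return err
	}
	return successor.Install(now)
}

func main() {
	t0 := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timeline
	k1 := &Key{ID: "ZPK-001", Cryptoperiod: 90 * 24 * time.Hour, material: []byte("constructed")}
	k2 := &Key{ID: "ZPK-002", Cryptoperiod: 90 * 24 * time.Hour, material: []byte("constructed")}
	_ = k1.Install(t0)
	fmt.Println("day 10: protect?", k1.CanProtect(t0.Add(10*24*time.Hour)))
	fmt.Println("update too early:", Update(k1, k2, t0.Add(10*24*time.Hour)))
	later := t0.Add(91 * 24 * time.Hour)
	fmt.Println("day 91: protect?", k1.CanProtect(later), "update:", Update(k1, k2, later))
	fmt.Println("k1:", k1.State, "process?", k1.CanProcess(), "| k2:", k2.State, "protect?", k2.CanProtect(later))
	fmt.Println("destroy active k2:", k2.Destroy())
	_ = k1.Destroy()
	fmt.Println("k1:", k1.State, "material cleared:", k1.material == nil)
}
```

The asymmetry between CanProtect and CanProcess is the practical core of a cryptoperiod: an expired key must stop producing new ciphertext or signatures immediately, but may still be needed to process what it produced earlier until that data is re-protected or archived, after which the key is destroyed.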
  • 55. Thank You Please do complete our brief survey at the end and leave your comments
  • 56. Past Webinars PCI DSS - Managing your outsourced vendor. Log Management and reporting for the PCI environment. Best practices in Ecommerce security. PCI DSS and the Cloud – Top risks and Mitigations Wireless in the PCI environment – Top risks and Mitigations PCI DSS in the virtualized environment – Top risks and Mitigations Targeted attacks: Spear Phishing and Social Engineering. PCI DSS Scoping and Segmentation. Managing Data Leakage in your PCI environment. Strategies for migration from early TLS and SSL. Using PCI DSS for GDPR Compliance Using ISO27001 for PCI DSS SOC2 and YOU GDPR – Are you ready SOC2 – Beyond the myth GDPR – Steps to a successful DPIA Blockchain – A crash course – What is it, potential uses and pitfalls
  • 57. Past Webinars Tackling Security in the Cloud: CASB to the rescue HIPAA – Basics and Beyond… Using SOC2 for HIPAA Compliance Developing a Cyber Security framework using NIST SOC for CyberSecurity Rights of Data Subjects – GDPR and PDPA SOC2 Compliance and the Cloud Debunking Top 10 myths of PCI DSS Achieving PCI DSS in 90 days FDA CFR Part 11 - Whats the hype all about Achieving SOC2 Compliance in 90 days – Is it possible? Step by step approach to PDPA compliance steps for Compliance with NIST 800-171 compliance PCI DSS - 5 Simple Techniques to reduce scope SOC2 and CCM Intalks with Nitin Bhatnagar (PCI Council) - Meeting Payment Security Needs Now and for the Future
  • 58. Past Webinars Covid 19 and Business Continuity PA DSS and PCI SSF – How they match up and how they map PCI PIN, PCI Cryptography & Key Management