JARED BIRD Nagios: Providing Value Throughout the Organization

Introduction Who is Jared Bird?

Nagios

Providing Value
- Provide knowledge
- Assist other departments
- Strengthen inter-department relationships
- Achieve company-wide goals
- Reduce costs

Understanding What are the goals of the other departments?

Infrastructure
- Network, Server, and Desktop Teams
- Concerns include:
  - Availability
  - Capacity
  - Utilization
  - Functioning properly

Security
- Prevent data theft
- Deter identity theft
- Avoid legal issues
- Protect brand
- "CIA Triad"
  - Confidentiality
  - Integrity
  - Availability

Threats
- Default configurations
- Website defacement
- Missing patches
- DNS redirection
- Unauthorized use
- Many, many more

Default Configurations
- Default passwords
  - Blank sa account
  - Once password is set, monitor with new credentials
- XI Auto-discovery check for insecure protocols
- Scheduled scans and output to Nagios

Website
- Monitor for defacement
  - check_http -H -s "sekret"
  - Checks for "sekret" string
- Check certificate
  - check_http -H -C 21
  - Checks certificate for 21 days of validity
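The two check_http invocations on this slide map a page-content test and a certificate-validity test onto Nagios exit codes. As an added example (not code from the presentation or from the Nagios project), the plugin below reimplements both behaviours in Python so the decision logic is visible and testable: `-s` fails CRITICAL when a marker string the legitimate page always carries is missing, and `-C warn[,crit]` returns WARNING below the warning threshold and CRITICAL when expired or below the critical threshold. The hostname, marker string and thresholds are assumptions supplied on the command line; the fetch helpers are separated from the pure evaluation functions so the latter can be exercised without a network.

```python
#!/usr/bin/env python3
# Added example, not the presentation's or Nagios' own code: a check_http-style
# plugin covering the slide's -s (expected string) and -C (certificate days)
# checks. Host, marker string and thresholds are assumed command-line inputs.
import argparse
import datetime
import socket
import ssl
import sys
import urllib.request

# Standard Nagios plugin exit codes; Nagios reads the status from the exit code
# and the service output from the first line of stdout.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
SECONDS_PER_DAY = 86400


def evaluate_content(body, expected):
    """Map the page body to a Nagios (status, message) pair.

    The marker is a string the legitimate page always contains; if it is gone
    the page has been replaced (defacement, error page, wrong vhost), which is
    what the slide's check_http -s "sekret" is meant to catch."""
    if expected in body:
        return OK, "OK - expected string %r found" % expected
    return CRITICAL, "CRITICAL - expected string %r missing (possible defacement)" % expected


def days_remaining(not_after_epoch, now_epoch):
    """Whole days from now until the certificate's notAfter (negative if expired)."""
    return (int(not_after_epoch) - int(now_epoch)) // SECONDS_PER_DAY


def evaluate_certificate(remaining_days, warn_days, crit_days=0):
    """Map remaining validity to a Nagios status, like check_http -C warn[,crit]:
    expired or within crit_days is CRITICAL, below warn_days is WARNING."""
    if remaining_days <= crit_days:
        return CRITICAL, "CRITICAL - certificate expires in %d days" % remaining_days
    if remaining_days < warn_days:
        return WARNING, "WARNING - certificate expires in %d days" % remaining_days
    return OK, "OK - certificate valid for %d more days" % remaining_days


def fetch_body(host, timeout=10):
    """Fetch the site's front page over HTTPS and return it as text."""
    with urllib.request.urlopen("https://%s/" % host, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def fetch_not_after_epoch(host, port=443, timeout=10):
    """Open a TLS connection (chain validated by the default context) and return
    the leaf certificate's notAfter as epoch seconds."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return ssl.cert_time_to_seconds(cert["notAfter"])


def main(argv=None):
    parser = argparse.ArgumentParser(description="check_http-style content and certificate check")
    parser.add_argument("-H", dest="host", required=True, help="hostname to check")
    parser.add_argument("-s", dest="expected", help="string the page must contain")
    parser.add_argument("-C", dest="cert_days", help="warn[,crit] days of certificate validity")
    args = parser.parse_args(argv)

    worst, messages = OK, []
    try:
        if args.expected is not None:
            status, msg = evaluate_content(fetch_body(args.host), args.expected)
            worst, messages = max(worst, status), messages + [msg]
        if args.cert_days is not None:
            parts = [int(p) for p in args.cert_days.split(",")]
            warn_days, crit_days = parts[0], (parts[1] if len(parts) > 1 else 0)
            now = int(datetime.datetime.now(datetime.timezone.utc).timestamp())
            remaining = days_remaining(fetch_not_after_epoch(args.host), now)
            status, msg = evaluate_certificate(remaining, warn_days, crit_days)
            worst, messages = max(worst, status), messages + [msg]
    except (OSError, ValueError) as exc:
        # Connection, TLS or parsing failures are reported as CRITICAL, as check_http does.
        print("CRITICAL - %s: %s" % (args.host, exc))
        return CRITICAL
    if not messages:
        print("UNKNOWN - nothing to check (give -s and/or -C)")
        return UNKNOWN
    print("; ".join(messages))
    return worst


if __name__ == "__main__":
    sys.exit(main())
```

Run it the same way the slide's commands are run, for example `./check_site.py -H www.example.com -s "sekret" -C 21,7`; because the exit codes follow the Nagios convention, it can be registered as a command and scheduled like any other plugin. Keeping the marker string somewhere an attacker would not expect (not just the site title) makes the defacement check harder to satisfy accidentally.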

Software Installed
- Check URL for content (version)
- Ex: Check for string " "

DNS
- Have DNS entries changed?
- DNS hijacked
- High impact

Unauthorized Use
- LDAP check for account creation
- Syslog output from infrastructure
- SNMP alerts

Audit & Compliance
- PCI
- SOX
- HIPAA
- Almost every regulation*

* Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation

PCI
- PCI DSS
- Any organization that processes, stores, or transmits credit card data
- Requirements
  - 12 overall requirements
  - 287 individual requirements

PCI
- Reqs 1 & 2: Build and Maintain a Secure Network
  - Auto-discovery to look for services
  - Checks to verify that vendor defaults have been changed
- Reqs 3 & 4: Protect Cardholder Data
  - Scan for insecure protocols
  - Check for expiration of SSL certificates
- Reqs 5 & 6: Maintain a Vulnerability Management Program
  - Check the anti-virus process to ensure it is running

PCI
- Reqs 7, 8 & 9: Implement Strong Access Control Measures
  - LDAP checks to ensure the LDAP server is functioning
  - Web Transaction Monitoring can be used to check two-factor authentication
- Reqs 10 & 11: Regularly Monitor and Test Networks
  - Check NTP
  - Event logs from servers
- Req 12: Maintain an Information Security Program
  - Use device listings as well as contact info (incident response plan)

SOX
- Sarbanes-Oxley, or the Public Company Accounting Reform and Investor Protection Act
- Section 404: Assessment of internal control
- Nagios can help management show that controls for assuring the integrity of the financial reports are effective.

HIPAA Headlines

HIPAA
- Technical Safeguards:
  - Access Control
  - Audit Control
  - Integrity Controls
  - Transmission Security

Questions?
Jared Bird
Thank You