Jeff Williams Information Security Officer CSU, Sacramento

Slides:



Advertisements
Similar presentations
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Advertisements

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.
Payment Card PCI DSS Compliance SAQ-D Training Accounts Receivable Services, Controller’s Office 7/1/2012.
JARED BIRD Nagios: Providing Value Throughout the Organization.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Visa Cemea Account Information Security (AIS) Programme
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Why Comply with PCI Security Standards?
Introduction to PCI DSS
Northern KY University Merchant Training
Payment Card Industry (PCI) Data Security Standard
Disclaimer Copyright Michael Chapple and Jane Drews, This work is the intellectual property of the authors. Permission is granted for this material.
What to Do if Compromised
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
The ABC’s of PCI DSS Eric Beschinski Relationship Manager Utility Payment Conference Kay Limbaugh Specialist, Electronic Bills & Payments &
PCI DSS Managed Service Solution October 18, 2011.
Protecting Your Credit Card Security Environment (PCI) September 26, 2012 Jacob Arthur, CPA, QSA, CEH Timothy Agee, CISA, CGEIT, QSA FDH Consulting Frasier,
EDUCAUSE Security Conference Denver, Colorado April 10 to 12, 2006 Bob Beer Biggs Engineering 117 (419)
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
The Payment Card Industry (PCI) Data Security Standard: What it is and why you might find it useful Fred Hopper, CISSP TASK - 27 March 2007.
PCI requirements in business language What can happen with the cardholder data?
PCI: As complicated as it sounds? Gerry Lawrence CTO
Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.
Payment Card PCI DSS Compliance SAQ-A Training Accounts Receivable Services, Controller’s Office 7/1/2012.
Introduction to Payment Card Industry Data Security Standard
Introduction To Plastic Card Industry (PCI) Data Security Standards (DSS) April 28,2012 Cathy Pettis, SVP ICUL Service Corporation.
Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.
Information Security 2013 Roadshow - PCI. Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me.
Payment Card PCI DSS Compliance SAQ-B Training Accounts Receivable Services, Controller’s Office 7/1/2012.
PCI Training for PointOS Resellers PointOS Updated September 28, 2010.
ThankQ Solutions Pty Ltd Tech Forum 2013 PCI Compliance.
1 Payment Card Industry (PCI) Security Standard Developed by the PCI Security Council formed by major card issuers: Visa, MasterCard, American Express,
Standards in Use. EMV June 16Caribbean Electronic Payments LLC2.
By: Matt Winkeler.  PCI – Payment Card Industry  DSS – Data Security Standard  PAN – Primary Account Number.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit.
Payment Card Industry (PCI) Rules and Standards
Payment Card Industry (PCI) Rules and Standards
Performing Risk Analysis and Testing: Outsource or In-house
PCI-DSS Security Awareness
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Payment card industry data security standards
Larry Brownfield, CPO, OHE – KOA, Inc.
Internet Payment.
Session 11 Other Assurance Services
Payment Card Industry Data Security Compliance
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
PCI Compliance : Whys and wherefores
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
Contact Center Security Strategies
Utility Payment Conference
Presented by: Jeff Soukup
Presentation transcript:

Jeff Williams Information Security Officer CSU, Sacramento PCI DSS Roundtable Jeff Williams Information Security Officer CSU, Sacramento

Agenda What is PCI DSS? What are the financial impacts? What are the requirements? How do I become compliant?

PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants (You) Service Providers (Third Third-party vendor, gateways) Systems (Hardware, software) That: Stores cardholder data Transmits cardholder data Processes cardholder data Applies to: Electronic Transactions Paper Transactions

The Financial Impact Forced service outage during incidents Forced service suspension Loss of brand processing Fines as high as $5,000 per card per day Pay for independent investigation (entry fee of ~$30,000) Fines up to $500,000 Large breaches…

Combined fines for all three The Financial Impact $50,000,000 $10,000,000 Combined fines for all three $60,590,000 $590,000

Business Impact Assessment Consider highest total cards processed in one day (disclaimer, numbers picked for easy math, optimistic and assume pre-incident self-assessment and mitigation) 100 total cards $50 per card for notification/communication $100 fine per card $30,000 investigation fee Single Loss Expectancy $45,000 Annualized Rate of Occurrence .10 Annualized Loss Expectancy $4,500

Business Impact Assessment Consider highest total cards processed in one day (disclaimer, numbers picked for easy math, optimistic and assume little to no self-assessment and mitigation activities) 100 total cards $50 per card for notification/communication $1,000 fine per card $30,000 investigation fee Single Loss Expectancy $180,000 Annualized Rate of Occurrence .20 Annualized Loss Expectancy $36,000

Business Impact Assessment Consider Your highest number of cards processed day A multi-day event You are out of compliance and store all cards processed Maximum fines Impact to your reputation/fundraising Impact to your operations

12 High Level Security Requirements Build and Maintain a Secure Network 1. Use firewalls and NAT to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect physical stored data 4. Encrypt transmission of cardholder data and sensitive information across public networks Maintain a Vulnerability Management Program 5. Use and regularly update antivirus software 6. Develop and maintain secure systems and applications

12 High Level Security Requirements Implement Strong Access Control Measures 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Routinely test security systems and processes Maintain an Information Security Policy 12. Establish high-level security principles and procedures

How do I become compliant? It all starts with a Self Assessment Identify and close your gaps http://www.csus.edu/irt/is/pci/presentations/index. html Bottom of the webpage has a matrix of examples, guides, resources and templates PCI Website - www.pcisecuritystandards.org

Questions and Comments Thank you, Jeff Williams jeff.williams@csus.edu 916.278.7733

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.