North Carolina Community College System
IIPS Conference – Spring 2009
Jason Godfrey, IT Security Manager, (919) 807-7054

Presentation transcript:

- PCI Data Security Standard (DSS)
- Latest Data Security Standard
- Compliant Process
- Becoming Compliant
- Maintaining Compliance
- Determining Which SAQ
- General Tips
- Prioritizing Milestones
- Challenges
- Additional Information
- Q & A – Open forum

- Current version is 1.2
- Released October 2008
- Majority of changes are explanatory and clarifications
- Three enhancements:
  - Section – Testing requirements and wireless encryption standards
  - Appendix D: attestations and compliance forms
  - Appendix E: attestations and compliance forms

1. PCI DSS Scoping – determine what system components are governed by PCI DSS
2. Sampling – examine the compliance of a subset of system components in scope
3. Compensating Controls – QSA validates alternative control technologies/processes
4. Reporting – merchant/organization submits required documentation
5. Clarifications – merchant/organization clarifies/updates report statements (if applicable)

Compliance cycle (diagram): Assess, Remediate, Report

- Never store sensitive authentication data:
  - Full content of the magnetic stripe
  - Card validation codes and values
  - PIN blocks
- Contact your POS vendor regarding PCI compliance
- Don't store cardholder data if you don't need it
- Minimize scope
- Prioritize requirements
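The slide's first three points are only verifiable if you can find where card data has leaked into files you did not intend to keep (application logs, debug output, backups). The following scanner is an added example, not material from the presentation or from the PCI Council: it looks for primary account numbers (13–19 digits, optionally separated by spaces or dashes), discards candidates that fail the Luhn check, recognises magnetic-stripe Track 1 and Track 2 layouts (the "full content of the magnetic stripe" the slide says must never be stored), and reports every hit with all but the last four digits masked so the report itself does not become another copy of cardholder data. The log lines, order id and names are constructed for the example; the card numbers are the usual industry test numbers.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample log lines (not from the original slides). The card numbers
# are well-known industry test numbers; the order id, names and dates are made up.
SAMPLE_LOG = """\
2009-03-02 10:14:01 order=1000000000000017 status=approved card=4111 1111 1111 1111
2009-03-02 10:14:05 debug track2=;4111111111111111=09121010000000000?
2009-03-02 10:15:22 ref=4111111111111112 note=not-a-card
2009-03-02 10:16:40 debug track1=%B5500000000000004^DOE/JANE^09121010000000000?
2009-03-02 10:17:03 cust=5500-0000-0000-0004 exp=0912
"""

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not glued to further digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 layout: ';' PAN '=' YYMM, service code, discretionary data, '?'
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d*\?")
# Track 1 layout: '%B' PAN '^' name '^' YYMM, service code, discretionary data, '?'
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^?]*\^\d*\?")


@dataclass
class Finding:
    line_no: int
    kind: str    # "track1", "track2" or "pan"
    masked: str  # PAN with everything but the last four digits masked


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test; weeds out most random digit runs (ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits so findings can be shared safely."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_line(line_no: int, line: str) -> list[Finding]:
    findings: list[Finding] = []
    rest = line
    # Track data first: it is the more serious finding, and blanking it out
    # prevents the embedded PAN being reported a second time as a bare PAN.
    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(rest):
            if luhn_valid(m.group(1)):
                findings.append(Finding(line_no, kind, mask_pan(m.group(1))))
        rest = rx.sub(" ", rest)
    for m in PAN_RE.finditer(rest):
        pan = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(pan) <= 19 and luhn_valid(pan):
            findings.append(Finding(line_no, "pan", mask_pan(pan)))
    return findings


def scan_text(text: str) -> list[Finding]:
    out: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        out.extend(scan_line(n, line))
    return out


if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind:<6} {f.masked}")
```

Run against the constructed log the scanner reports four findings (a spaced PAN, a Track 2 record, a Track 1 record and a dashed PAN) and stays silent on the sixteen-digit order id and the mistyped number, both of which fail the Luhn check. The Luhn test only reduces false positives; an order id can pass it by chance, so a hit is a lead for the file-monitoring and data-retention review, not proof on its own.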

1. Remove sensitive authentication data and limit data retention.
2. Protect the perimeter, internal, and wireless networks.
3. Secure payment card applications.
4. Monitor and control access to your systems.
5. Protect stored cardholder data (security classes).
6. Finalize remaining compliance efforts, and ensure all controls are in place.

Source: The Prioritized Approach to Pursue PCI DSS Compliance

- Documenting policies, processes, and procedures
- Storing backups in a secured manner (off-site is preferable)
- Separation of duties
- Local payment card applications
- Hardware and software
- CCTV
- File monitoring
- Audit trails
- Internal and external penetration tests
- Training
- Management buy-in and user acceptance

- PCI Council
- PCI Council – Navigating the SAQ: ss.pdf
- PCI Council – Quick Guide
- PCI Prioritized Approach: PCI_DSS_1_2.pdf
- Trustwave
- General Questions – (800)

- System Office – contact the CIS Help Desk
- US-CERT
- SANS Institute
- NC ITS State-wide Security Manual: n_Security_Manual.asp
- Open source applications:
  - Network Security Toolkit (NST)
  - Snort
  - Untangle
  - Zenoss

Q & A