Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17.

Presentation transcript:

Today's talk
• E-Commerce Considerations
• The Disposable Credit Card
• Visa's Required Security Practices
• Risk Management
• Information Security Policy
• Controls
Information Security

E-Commerce Consideration
• New security concern
• Not only protection of data
• Not only protection of information
• Not only protection of software
• But protection from credit card fraud

The Disposable Credit Card
• American Express announced a "disposable" credit card.
• The fear came from internet use.
• When the user enters a credit card number for a purchase, a randomly generated number is created on the credit card company's website; this number is given to the e-commerce retailer, who submits it to the credit card company for repayment.
• Later on the program was closed down, and a disposable card was issued on which you can make many more purchases.
• Citibank offers Virtual Account Numbers, and MBNA has a program called ShopSafe.
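The following Python model shows the mechanism the slide describes: the issuer hands the shopper a random surrogate number that is bound to one merchant and one purchase, the merchant only ever sees that surrogate, and the real card number is resolved inside the issuer. It is an added example, not code from the lecture or from American Express, Citibank or MBNA; the single-merchant binding, the test BIN "400000", the `Issuer` and `Surrogate` names and the sample card number are all constructed for the illustration. The point for a defender is the last three results of `demo()`: a surrogate copied from the retailer's records cannot be replayed or used at another shop, which is what removes the credit card fraud exposure.

```python
"""Toy model of a disposable (virtual) account number scheme.

Added example, not code from the lecture or from any card issuer. The design
(a one-time surrogate number bound to a single merchant and mapped back to the
real card only inside the issuer) is an assumption about how such a scheme can
work, not a description of American Express, Citibank or MBNA internals.
"""
import secrets
from dataclasses import dataclass


def luhn_check_digit(partial: str) -> str:
    """Return the Luhn check digit for `partial`, so the surrogate passes the
    same format checks a real card number does."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # the digit nearest the check digit is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the last digit is the correct Luhn check digit."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


@dataclass
class Surrogate:
    real_pan: str      # never leaves the issuer
    merchant: str      # the one retailer allowed to submit this number
    used: bool = False


class Issuer:
    """Holds the vault that maps surrogate numbers to real cards."""

    def __init__(self, bin_prefix: str = "400000"):   # constructed test BIN
        self.bin_prefix = bin_prefix
        self.vault = {}

    def issue(self, real_pan: str, merchant: str) -> str:
        """Create a fresh random number for one purchase at one merchant."""
        while True:
            body = self.bin_prefix + "".join(str(secrets.randbelow(10)) for _ in range(9))
            number = body + luhn_check_digit(body)
            if number not in self.vault:            # avoid the (unlikely) collision
                break
        self.vault[number] = Surrogate(real_pan, merchant)
        return number

    def authorize(self, number: str, merchant: str, amount: float):
        """The merchant submits the surrogate; only the issuer can resolve it."""
        entry = self.vault.get(number)
        if entry is None:
            return False, "unknown number"
        if entry.merchant != merchant:
            return False, "merchant mismatch"
        if entry.used:
            return False, "already used"
        if amount <= 0:
            return False, "invalid amount"
        entry.used = True
        # The charge would be posted to entry.real_pan here; the merchant, and
        # anyone who copies `number` out of its records, never learns that PAN.
        return True, f"charged {amount:.2f} to card ending {entry.real_pan[-4:]}"


def demo():
    """One purchase, then a replay and a use at a second shop (both refused)."""
    issuer = Issuer()
    real = "4111111111111111"                        # constructed sample PAN
    vnum = issuer.issue(real, "shop.example")
    first = issuer.authorize(vnum, "shop.example", 49.99)
    replay = issuer.authorize(vnum, "shop.example", 49.99)      # copied and reused
    elsewhere = issuer.authorize(vnum, "other.example", 5.00)   # used at another shop
    return vnum, first, replay, elsewhere


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The Luhn digit is there only so the surrogate is accepted by the same input validation a real card number passes; the security comes from the vault lookup, not from the number's format.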

Visa's Required Security Practices
• Visa announced 10 security-related practices:
1. Install and maintain a firewall
2. Keep security patches up to date
3. Encrypt stored data
4. Encrypt transmitted data
5. Use and update antivirus software
6. Restrict data access to those with a need to know
7. Assign unique IDs to persons with data access privileges
8. Track data access with the unique ID
9. Do not use vendor-supplied password defaults
10. Regularly test the security system

Risk Management
• Identify business assets to be protected from risks
• Recognize the risks
• Determine the level of impact on the firm should the risks materialize
• Analyze the firm's vulnerabilities
Levels of impact (slide figure): impact could be severe, significant, or minor

• Risk management should prepare the report, containing:
• A description of the risk
• Source of the risk
• Severity of the risk
• Controls that are being applied to the risk
• The owner of the risk
• Recommended action to address the risk
• Recommended time frame for addressing the risk
• What was done to mitigate the risk

Degree of impact and vulnerability determine controls

Vulnerability        | Severe impact                                            | Significant impact              | Minor impact
High vulnerability   | Conduct vulnerability analysis. Must improve controls.   | Conduct vulnerability analysis. | Unnecessary
Medium vulnerability | Conduct vulnerability analysis. Should improve controls. | Conduct vulnerability analysis. | Unnecessary
Low vulnerability    | Conduct vulnerability analysis. Keep controls intact.    | Conduct vulnerability analysis. | Unnecessary
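As a worked example of the three risk management slides (the assessment steps, the report contents, and the impact and vulnerability table), here is a small Python risk register that turns the table into a decision function and produces one report row per risk with the fields the slide lists. This is an added example, not the lecture's or any firm's tool. It reads the "significant impact" column as calling only for a vulnerability analysis and the "minor impact" column as calling for none; that reading of the slide, the `Risk` and `recommend` names, and the three sample risks for an online storefront are all assumptions of this example.

```python
"""Risk register built from the lecture's risk management slides.

Added example, not the lecture's or any firm's own tool. The decision table
is one reading of the impact x vulnerability slide: the "significant impact"
column calls only for a vulnerability analysis and the "minor impact" column
for none (an assumption about the slide's layout). The sample risks are constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Impact(Enum):
    SEVERE = "severe"
    SIGNIFICANT = "significant"
    MINOR = "minor"


class Vulnerability(Enum):
    HIGH = "high"
    MEDIUM = "medium"
    LOW = "low"


# Severe-impact column: the action depends on how vulnerable the firm is.
SEVERE_ACTION = {
    Vulnerability.HIGH: "Conduct vulnerability analysis. Must improve controls.",
    Vulnerability.MEDIUM: "Conduct vulnerability analysis. Should improve controls.",
    Vulnerability.LOW: "Conduct vulnerability analysis. Keep controls intact.",
}


def recommend(vulnerability: Vulnerability, impact: Impact) -> str:
    """Map one cell of the impact x vulnerability table to a control action."""
    if impact is Impact.SEVERE:
        return SEVERE_ACTION[vulnerability]
    if impact is Impact.SIGNIFICANT:
        return "Conduct vulnerability analysis."
    return "Vulnerability analysis unnecessary."


@dataclass
class Risk:
    """One row of the report the slide says risk management should prepare."""
    description: str
    source: str
    impact: Impact
    vulnerability: Vulnerability
    controls_applied: str
    owner: str
    time_frame: str
    mitigation_done: str = "nothing yet"

    def severity(self) -> str:
        return f"{self.impact.value} impact, {self.vulnerability.value} vulnerability"

    def recommended_action(self) -> str:
        return recommend(self.vulnerability, self.impact)


_IMPACT_RANK = {Impact.SEVERE: 0, Impact.SIGNIFICANT: 1, Impact.MINOR: 2}
_VULN_RANK = {Vulnerability.HIGH: 0, Vulnerability.MEDIUM: 1, Vulnerability.LOW: 2}


def risk_report(risks):
    """Return report rows, worst risk first, with the fields the slide lists."""
    ordered = sorted(risks, key=lambda r: (_IMPACT_RANK[r.impact], _VULN_RANK[r.vulnerability]))
    return [
        {
            "description": r.description,
            "source": r.source,
            "severity": r.severity(),
            "controls": r.controls_applied,
            "owner": r.owner,
            "recommended_action": r.recommended_action(),
            "time_frame": r.time_frame,
            "mitigation_done": r.mitigation_done,
        }
        for r in ordered
    ]


# Constructed sample risks for a hypothetical online storefront.
SAMPLE_RISKS = [
    Risk("Customer mailing list could be disclosed", "marketing web form",
         Impact.MINOR, Vulnerability.LOW, "access limited to marketing staff",
         "marketing manager", "review annually"),
    Risk("Card numbers stored unencrypted in the order database", "e-commerce checkout",
         Impact.SEVERE, Vulnerability.HIGH, "database password only",
         "head of IT", "30 days"),
    Risk("Web server missing vendor security patches", "public web server",
         Impact.SIGNIFICANT, Vulnerability.MEDIUM, "firewall in front of server",
         "system administrator", "14 days", "patch window scheduled"),
]


if __name__ == "__main__":
    for row in risk_report(SAMPLE_RISKS):
        print(f"{row['severity']:>40}: {row['description']} -> {row['recommended_action']}")
```

Sorting the register by impact first and vulnerability second means the unencrypted card data (which also violates Visa's "encrypt stored data" practice) is the first row any reader of the report sees.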

Information Security Policy
• Phase 1: Project initiation
• Phase 2: Policy development
• Phase 3: Consultation and approval
• Phase 4: Awareness and education
• Phase 5: Policy dissemination

Information Security Policy: phase diagram (slide figure)
• Phase 1: organizational units management, interested and affected parties, security project steering committee, project team
• Phase 2: establish policy
• Phase 3: consultation
• Phase 4: training, awareness and education
• Phase 5: security policies

Thank you!!! Q&A