Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE Security Professionals Conference 2009

Published byZoe Nelson Modified over 6 years ago

Similar presentations

Presentation on theme: "EDUCAUSE Security Professionals Conference 2009"— Presentation transcript:

1 EDUCAUSE Security Professionals Conference 2009
PCI DSS Compliance Assessments (a proactive Penn State) Jenn Stewart, Project Technical Coordinator Michael Leach, Project Manager  EDUCAUSE Security Professionals Conference 2009

2 Objectives for Today Background on Penn State environment
Current threats/vulnerabilities PCI DSS trends PCI lifecycle change Need for assessments Conducting assessments Dealing with compromises Resources

3 We Are! Penn State!

4

5 Collaboration Efforts
Compliance team-IPAS Senior leadership Corporate Controller Designated contacts Budget executives Merchants Incident response team

6 Threats and Vulnerabilities
Older terminals Residual data of older software programs Physical intrusion Network intrusion Grey market sales

7 PCI Trends Introduced in 2005 Merchant Level-Do I have to comply?
New version 1.5 years PA DSS PCI PED Security Requirements Self Assessment Questionnaire (SAQ)

8 PCI Lifecycle Change

9 PSU Processing Environments
Dial-up swipe terminals Network based terminals Third party providers Internal applications Wireless devices

10 Need for Assessments Remember the diverse, statewide network?
Known areas of deficiency Suspected areas of weakness Distributed Responsibility Converging Initiatives Methods of Intrusion

11 Question Does having a new firewall, still in the box, mean I am compliant with PCI DSS requirement 1? After all, it was purchased with good intent.

12 Conducting Assessments
What we are not Informational, not a punitive review Hit the high points we’ve found glossed over Response requested within two weeks Escalate to Corporate Controller if needed Merchant ID may be suspended

13 Compromise Occurs Audience--Show of hands – who has an incident response team to deal with PCI incidents? Overview of PSU Process Required Reporting Process

14

15

16

17

18

19 Compromise in a Nutshell
Visa, other brands are similar 3-day report 10 day report Card brands fine the acquiring bank Acquiring bank passes fines to merchant Levying fines One time Monthly

20 Resources PCI Security Standards Council www.pcisecuritystandards.org
Visa usa.visa.com/merchants/risk_management/ cisp.html Privacy Rights Clearing House DATALOSSdb

21 DISCUSSION Information Privacy and Security | Mike Leach, Project Manager Jenn Stewart, Technical Coordinator

Download ppt "EDUCAUSE Security Professionals Conference 2009"

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.

Evolving Challenges of PCI Compliance Charlie Wood, PCI QSA, CRISC, CISA Principal, The Bonadio Group January 10, 2014.
PCI DSS for Retail Industry

PCI DSS for Retail Industry
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
Navigating the New SAQs (Helping the 99% validate PCI compliance)

Navigating the New SAQs (Helping the 99% validate PCI compliance)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
This refresher course will:

This refresher course will:
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
Smart Payment Processing ™ 800-846-4472 www.MercuryPay.com Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.

Smart Payment Processing ™ Protecting Your Business from Card Data Theft Presenter: Lucas Zaichkowsky.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.

© Vendor Safe Technologies 2008 B REACHES BY M ERCHANT T YPE 70% 1% 9% 20% Data provided by Visa Approved QIRA November 2008 from 475 Forensic Audits.
Credit / Debit Card Electronic Payments Industry Update on Convenience Fees, Utility Program and More! Presented by: Presented by: Michael Hodge, Regional.

Credit / Debit Card Electronic Payments Industry Update on Convenience Fees, Utility Program and More! Presented by: Presented by: Michael Hodge, Regional.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento

Similar presentations

Ads by Google