Improving Technology Decision Making for the Multichannel Retailer.

Presentation on theme: "Improving Technology Decision Making for the Multichannel Retailer."— Presentation transcript:

1 Improving Technology Decision Making for the Multichannel Retailer

2 Complicated, Expensive and Time-Consuming – But PCI DSS isn’t Going Away
Mark Kedgley, Chief Technical Officer, NNT

3 NNT is a leading light in PCI DSS & general Data Protection software solutions
Focused on helping organisations protect their sensitive/credit card data in an effective, affordable and pragmatic manner

4 Agenda
Attitudes and Opinions from Multi Channel retailers in the UK
Some Statistics and Figures
Strategies available – what is working and what are others getting away with?
Common Sense or Technology?
Are the goalposts moving (or going to move)
Summary

5 Attitudes & Opinions from Retailers #1
Duck it! “The future is too unclear to make any investment….”

6 Attitudes & Opinions from Retailers #2
Paralysis! “We don’t want to make mistakes like xyz….”

7 Attitudes & Opinions from Retailers #3
Ignore it! “We don’t need to bother – we’ve been OK so far and we view the risks as low…”

8 Attitudes & Opinions from Retailers #4
Go Slow! “We have kept some updated procedural stuff back and if we drip-feed this to the Bank over the next two quarters then we are covered for the next few months…”

9 How hard can it be?
Just 12 Requirements…
…230 sub requirements
…and some estimates of 650 detail points

10 Logical – from one perspective…
Requirements focus on 12 main security initiatives comprising technological measures and ‘best practice’ procedures

11 Processes & Technology Needed
What is our Change Management Process? Is it documented?
How often do we verify configuration standards? What is our process for this?
Where is that network diagram?!
Do we need to buy a firewall for each site?
Do we need an automated diagramming tool?

12 Cost? – Be careful who you Ask!
Vendor Speak
“Silver Bullet…”
“….Easy Steps”
Cost of Procrastination and Sandbagging?

13 Upside? Plenty…
Avoid Fines and Corporate Shame
‘Off the Shelf’ Security Policy
Data Protection? ISO 27000?
Advanced Warning System

14 The Future of the PCI DSS
Stable and Mature
P2P Encryption and Tokenization help but aren’t ‘Magic Bullets’ (or Silver Bullets)
Likely that the PCI DSS will take P2P Encryption in as an additional measure
Expect more, not fewer measures

15 Want some advice? PCI DSS on a fag packet
Take Control – understand the objectives of the PCI DSS
Your environment is unique – you understand your exposure best
Don’t ask your QSA for guidance, just confirmation

16 Summary
Don’t resist – Embrace the PCI DSS!
Thank you for your attention.
