Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI Compliance Update Presented by: Jeff Gassaway, Information Security Officer – CISSP Lucas Walker, Information Security Analyst – GSEC 1.

Published byRosanna Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "PCI Compliance Update Presented by: Jeff Gassaway, Information Security Officer – CISSP Lucas Walker, Information Security Analyst – GSEC 1."— Presentation transcript:

1 PCI Compliance Update Presented by: Jeff Gassaway, Information Security Officer – CISSP Lucas Walker, Information Security Analyst – GSEC 1

2 2

3 The Way We Were FY 2012-2013 Improved oversight and direction Improved compliance with PCI data security standards Improved campus-wide security controls 3

4 What We Did to Improve 1.Brought CoalFire on site for departments with largest volume and highest risk PCI transactions. 2.Established PCI mailing list to facilitate communication 3.Brought PCI trainings to campus 4.Created PCI Working Group 4 Based on number of transactions per year How credit cards are being taken Essentially, risk to the consumer

5 How We Reduced Costs Reduced reliance on CoalFire’s services Shadowed CoalFire site visits and interviews Assisted departments in utilizing CoalFire’s tools Navis LightHouse PCI Working Group Working to develop standard solutions to meet a variety of departmental needs Provide guidance Consistency 5

6 Where We Are Reducing Scope and Complexity Clarifying PCI terms Bringing significant issues to PCI Working group: Developing approved enterprise solutions Advising on business processes changes Researching and supporting common tools and technology Reviewing and enhancing policies and procedures Cost Reduction 6

7 Where We Must Go Quarterly scans (internal and external) conducted Robust change and patch management implemented Everything in scope logged and reviewed daily Consistent policies developed Annual departmental policy review and trainings conducted No cards stored No non-compliance 7

8 Q&A Help.unm.edu security@unm.edu kmellor@unm.edu Policy 7215 it.unm.edu/security 8

Download ppt "PCI Compliance Update Presented by: Jeff Gassaway, Information Security Officer – CISSP Lucas Walker, Information Security Analyst – GSEC 1."

Similar presentations

Arizona Department of Homeland Security SAA Site Monitoring 6 th Annual Homeland Security UASI Conference May 2012 May 2012 Governor Janice K. BrewerDirector.

Arizona Department of Homeland Security SAA Site Monitoring 6 th Annual Homeland Security UASI Conference May 2012 May 2012 Governor Janice K. BrewerDirector.
What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.

What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.
.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
Cash Collection and Deposit Training Financial Services.

Cash Collection and Deposit Training Financial Services.
Process and Procedure Documentation. Agenda Why document processes and procedures? What is process and procedure documentation? Who creates and uses this.

Process and Procedure Documentation. Agenda Why document processes and procedures? What is process and procedure documentation? Who creates and uses this.
This refresher course will:

This refresher course will:
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
PCard Administration and FSO Compliance Karen Brookbanks, C.P.M., CPPB, PCard Administrator Floyd Roman, Associate Comptroller Susan Reece, Lead Compliance.

PCard Administration and FSO Compliance Karen Brookbanks, C.P.M., CPPB, PCard Administrator Floyd Roman, Associate Comptroller Susan Reece, Lead Compliance.
Internal Audit Awareness

Internal Audit Awareness
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Strategic Purchasing at Penn Impacting the Institution's Bottom Line October 21, 2005 Presented by: Ralph Maier Director of Purchasing Services.

Strategic Purchasing at Penn Impacting the Institution's Bottom Line October 21, 2005 Presented by: Ralph Maier Director of Purchasing Services.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
UNC Charlotte Purchasing Card Training for Auditor Role Annette Heller.

UNC Charlotte Purchasing Card Training for Auditor Role Annette Heller.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Mitun PatelMXP07U. Organisational structure Top management; this includes the organisation’s general manager and its executives Department managers; this.

Mitun PatelMXP07U. Organisational structure Top management; this includes the organisation’s general manager and its executives Department managers; this.

Similar presentations

Ads by Google