Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI PROJECT UPDATE Jeff Gassaway, CIPP, CISSP, ISPO 1.

Published byAndrea Bishop Modified over 9 years ago

Similar presentations

Presentation on theme: "PCI PROJECT UPDATE Jeff Gassaway, CIPP, CISSP, ISPO 1."— Presentation transcript:

1 PCI PROJECT UPDATE Jeff Gassaway, CIPP, CISSP, ISPO 1

2 Agenda History State of the Project Future 2

3 PCI History (and just what is PCI?) Payment Card Industry Data Security Standard - PCI-DSS Minimum standard for securing Card Holder Data Environments (CDEs) PCI DSS V 1.0 12/15/2004 PCI DSS V 3.0 1/1/2015 PCI DSS V 3.1 4/15/2015 3

4 UNM History High Volume PCI Transactions: TouchNet (Bursars) Ticketing(Pit and Popejoy) Parking KNME and KUNM Major Discussions and Work: Cardholder Data Environment Scope Overall Compliance Risks Incidents 4

5 State of the Project PCI Initiative Project In good health Covers CFO areas (and others that connect) Prepares for Provost areas 5

6 State of the Project II – Core Team Currently Conducting site visits Assisting with Cardholder Data Environment Diagrams Assisting with deploying standard solutions Coordinating and working with staff in business units Planned Assist with Self-Assessment Questionnaires (SAQs) Assist with mitigating additional risks that surface Transfer and Train on Policies and Standard Operating Procedures Schedule Learning Central PCI training 6

7 The Core PCI Project Team John Colangelo – IT PM Jeff Gassaway – IT Project Champion Elaine Rising – IT Business Analyst Lucas Walker – Technical Team – Information Security Eric Woods – Technical Team- Information Security 7

8 State of the Project III - Steering Monitor project progress Make decisions (background checks, additional solutions) Escalate issues Review and approve Project documents (charters and standard solutions) Policy changes (7200 and 7215) Business process changes (demising MIDs or business lines) 8

9 The Steering Committee Jeff Gassaway – ISPO Gil Gonzales – CIO Keith Mellor – UNM Treasurer Liz Metzger – UNM Controller Laura Putz – HSC Representative Chris Vallejos – VP Institutional Support Services Melissa Vargas – Provost Representative 9

10 State of the Issues Project budget is approved Project plan is complete and awaiting signatures New Merchant IDs continue to be discovered* Current device types and locations continue to be discovered* All card processing units have a SP site for ongoing management Standard solutions will solve compliance for ~88% of MIDs 25 (about half) of site visits complete 30% overall project completion On track for end of October completion *Standard solutions have met business needs so far 10

11 Future Approve, publish and transfer UNM Policies and SOPs Register staff for PCI training module in Learning Central Deploy standard solutions or initiate subprojects Validate that no Cardholder Data remains Transition to maintenance mode Monitor for updates to standard and tune program accordingly 11

12 Answers! kmellor@unm.edu base@unm.edu 12

Download ppt "PCI PROJECT UPDATE Jeff Gassaway, CIPP, CISSP, ISPO 1."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
The Value of a Project Management Office Copyright: Kathy J. Lang, 2004.

The Value of a Project Management Office Copyright: Kathy J. Lang, 2004.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
This refresher course will:

This refresher course will:
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
How to Document A Business Management System

How to Document A Business Management System
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations

Presented by : Vivian Eberhardt, Supervisor Cash and Credit Operations
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:

1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
IS&T Project Management: How to Engage the Customer September 27, 2005.

IS&T Project Management: How to Engage the Customer September 27, 2005.
Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Disclaimer Copyright Michael Chapple and Jane Drews, This work is the intellectual property of the authors. Permission is granted for this material.
Web Advisory Committee June 17, 2009.  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.

Web Advisory Committee June 17,  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger

Similar presentations

Ads by Google