
EDUCAUSE Security Conference, Denver, Colorado, April 10 to 12, 2006. Bob Beer, Biggs Engineering 117, (419) 772-2396


1 EDUCAUSE Security Conference, Denver, Colorado, April 10 to 12, 2006. Bob Beer, Biggs Engineering 117, (419) 772-2396, r-beer@onu.edu

2 Topics
– SunGard security in Banner
– Identity management
– Payment Card Industry Data Security Standard (PCI DSS)

3 Banner Security BOF (Joy R. Hughes, CIO, George Mason University)
– SunGard Higher Education (SunGardHE) should not do identity management
– Security feature requests that carry a performance cost:
  – Encryption
  – Change tracking
  – Field-level audit trails
  – Current product performance

4 Banner Security (continued)
– Support for regulatory compliance
– Security emphasized at the pre-implementation stage

5 Miscellaneous Banner Discussion
– Best/recommended practices missing
– Sensitive data not masked
– Auto-generated IDs are sequential (and therefore predictable)
– Third-party application access is via privileged accounts
– PINs visible in the GOATPAD form
  – six characters
  – default is the date of birth (easily guessed)

6 Identity Management
– AuthN and AuthZ
– Identifiers (unify the namespace)
  – Replaced the SSN
  – PUID, format 00000-00000
– Provisioning (by department)
– AuthZ (identity × role matrix)
– Example

7 PCI DSS (Payment Card Industry Data Security Standard, 2004)
– Applies to everyone who processes cards
– Includes any equipment attached to the card-processing environment
– Compliance date June 2005 (poorly communicated)

8 Merchants and Service Providers
– Merchant: our institutions
– Service provider: processes, stores, or transmits cardholder data

9 Levels
– Level 1: any merchant that processes over 6,000,000 transactions annually; any merchant that has suffered a breach; any merchant designated Level 1 by Visa
– Level 2: any merchant that processes between 150,000 and 6,000,000 e-commerce transactions annually

10 Levels (continued)
– Level 3: any merchant that processes between 20,000 and 150,000 e-commerce transactions annually
– Level 4: anyone else

11 Risks
– Reputation (damage to the “brand”; data-disclosure legislation)
– Financial ($500,000 per incident)
– Compliance (Level 1 requirements imposed after a breach)
– Operational (loss of card processing)

12 The 12 Requirements
– Install and maintain a firewall
– Do not use vendor-supplied default passwords
– Protect (encrypt) stored data
– Encrypt transmission of cardholder data (across open, public networks)
– Use and regularly update anti-virus software

13 Requirements (continued)
– Develop and maintain secure systems and applications (patch management)
– Restrict access to cardholder data (need to know)
– Assign a unique ID to every user (with password policies)
– Restrict physical access to cardholder data

14 Requirements (continued)
– Track and monitor all access to cardholder data
– Regularly test security systems and processes
– Maintain an information security policy

15 Resources
– http://www.usa.visa.com/cisp
– Guidelines
– Self-assessment
– Audit

