
North Carolina Community College System IIPS Conference – Spring 2009 Jason Godfrey IT Security Manager (919) 807-7054

Presentation transcript:

Slide 1: North Carolina Community College System, IIPS Conference, Spring 2009. Jason Godfrey, IT Security Manager, (919) 807-7054, godfreyj@nccommunitycolleges.edu

Slide 2
- PCI Data Security Standard (DSS)
- Latest Data Security Standard
- Compliant Process
- Becoming Compliant
- Maintaining Compliance
- Determining Which SAQ
- General Tips
- Prioritizing Milestones
- Challenges
- Additional Information
- Q & A - Open forum


Slide 4
- Current version is 1.2
- Released October 2008
- Majority of changes are explanatory and clarifications
- Three enhancements:
  - Section 4.1.1 - Testing requirements and wireless encryption standards
  - Appendix D: attestations and compliance forms
  - Appendix E: attestations and compliance forms


Slide 6
1. PCI DSS Scoping - determine what system components are governed by PCI DSS
2. Sampling - examine the compliance of a subset of system components in scope
3. Compensating Controls - QSA validates alternative control technologies/processes
4. Reporting - merchant/organization submits required documentation
5. Clarifications - merchant/organization clarifies/updates report statements (if applicable)

Slide 7
- Remediate
- Report
- Assess


Slide 9
- Never store sensitive card data:
  - Full content of the magnetic stripe
  - Card validation codes and values
  - PIN blocks
- Contact your POS vendor regarding PCI compliance
- Don't store cardholder data if you don't need it
- Minimize scope
- Prioritize requirements
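The "never store full magnetic-stripe data" rule can be checked mechanically. The scanner below is an added example, not part of the presentation: it walks application log lines looking for Track 1 and Track 2 stripe data and unmasked PANs, keeps only Luhn-valid hits, and reports the line so the data can be purged. The log lines are constructed here and use synthetic test card numbers.

```python
import re
from typing import Dict, List

# Constructed sample log: one properly masked PAN, two lines that wrongly
# retained full track data, and one 16-digit number that is not a valid PAN.
SAMPLE_LOG = """\
2009-03-02 10:14:01 txn=1001 pan=411111******1111 auth=OK
2009-03-02 10:14:07 txn=1002 track2=;4111111111111111=09121011234567890?
2009-03-02 10:14:09 txn=1003 track1=%B5500000000000004^DOE/JANE^09121011234567890?
2009-03-02 10:14:12 txn=1004 pan=4111111111111112 auth=DECLINED
"""

# Track 1: %B<PAN>^<name>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
# A bare 13-19 digit run not embedded in a longer digit string
PAN = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation, used to filter out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_line(line: str) -> List[Dict[str, object]]:
    findings: List[Dict[str, object]] = []
    for label, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(line):
            if luhn_ok(m.group(1)):   # full stripe: sensitive authentication data
                findings.append({"type": label, "pan_last4": m.group(1)[-4:]})
    # Remove track matches first so their PANs are not double-counted
    remainder = TRACK1.sub("", TRACK2.sub("", line))
    for m in PAN.finditer(remainder):
        if luhn_ok(m.group(1)):   # stored PAN: cardholder data needing protection
            findings.append({"type": "pan", "pan_last4": m.group(1)[-4:]})
    return findings

def scan(text: str) -> List[Dict[str, object]]:
    """Scan a log body; each finding records only the last four digits."""
    results: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for f in scan_line(line):
            f["line"] = lineno
            results.append(f)
    return results

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['type']} ending in {f['pan_last4']}")
```

Only the masked PAN on line 1 and the Luhn-invalid number on line 4 pass; the two track-data lines are the ones a POS log must never contain.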

Slide 10
1. Remove sensitive authentication data and limit data retention.
2. Protect the perimeter, internal, and wireless networks.
3. Secure payment card applications.
4. Monitor and control access to your systems.
5. Protect stored cardholder data (security classes).
6. Finalize remaining compliance efforts, and ensure all controls are in place.

[1] The Prioritized Approach to Pursue PCI DSS Compliance

Slide 11
- Documenting policies, processes, and procedures
- Storing backups in a secured manner (off-site is preferable)
- Separation of duties
- Local payment card applications
- Hardware and software
- CCTV
- File monitoring
- Audit trails
- Internal and external penetration tests
- Training
- Management buy-in and user acceptance

Slide 12
- PCI Council: https://www.pcisecuritystandards.org
- PCI Council, Navigating the SAQ: https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_navigating_dss.pdf
- PCI Council Quick Guide: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
- PCI Prioritized Approach: https://www.pcisecuritystandards.org/education/docs/Prioritized_Approach_PCI_DSS_1_2.pdf
- Trustwave
  - General Questions - (800) 363-1621
  - support@trustwave.com

Slide 13
- System Office - contact the CIS Help Desk
- US CERT: http://www.us-cert.gov/
- SANS Institute: http://www.sans.org/
- NC ITS State-wide Security Manual: http://www.scio.state.nc.us/SITPoliciesAndStandards/Statewide_Information_Security_Manual.asp
- Open Source applications:
  - Network Security Tool (NST)
  - Snort
  - Untangle
  - Zenoss

Slide 14: Q & A

