Contact Center Security Strategies
Grant Sainsbury, Practice Director, Dimension Data


Agenda
– Prevalence and benefit of IP communications
– Common IP communications security threats
– Role of security in the contact center
– Key considerations and how to mitigate threats

IP Communications Are Now The Standard
Dimension Data Global Contact Center Benchmarking Report 2008

Why IP voice in the contact center?
– Improves workflow and business effectiveness
– Ability to distribute the contact center workforce
– Reduces telecommunications total cost of ownership
– Enables channel aggregation
– Delivers flexible architecture

IP Communications Security Threats
Improves workflow and business effectiveness
  – Networks are more open and exposed to a greater array of internal threats
Ability to distribute the contact center workforce
  – Family members use work PC for personal use
  – Data leaves contact center & enterprise; it leaves home network
Reduces telecommunications total cost of ownership (TCO)
  – DoS attack takes down voice and desktop applications
  – Systems based on open and well-known OS, databases, and protocols
Enables channel aggregation
  – Email & websites are channels for viruses, trojans, malware and spyware
  – New channels require different authentication and information protection considerations
Delivers flexible architecture
  – Exposes corporate network to extranet

The Role of Security in the Contact Center
Regulation & standards compliance
Data loss prevention
Process control
  – Security policies often require attention to process. To achieve compliance, processes often need to be auditable and repeatable.

Strategies to Cope with Security Threats
– Know the legislation and regulations that affect your contact operation, e.g. DPA, FSA, PCI, HIPAA, SOX, ISO 27001, DNC

PCI Data Security Standards May Apply
Build and Maintain a Secure Network
  – Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  – Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  – Requirement 3: Protect stored cardholder data
  – Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  – Requirement 5: Use and regularly update anti-virus software
  – Requirement 6: Develop and maintain secure systems and applications (vulnerability assessment, patch management)
Implement Strong Access Control Measures
  – Requirement 7: Restrict access to cardholder data by business need-to-know
  – Requirement 8: Assign a unique ID to each person with computer access
  – Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  – Requirement 10: Track and monitor all access to network resources and cardholder data (logging and QM)
  – Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
  – Requirement 12: Maintain a policy that addresses information security
Reference:

Strategies to Cope with Security Threats
– Know the legislation and regulations that affect your contact operation, e.g. DPA, FSA, PCI, HIPAA, SOX, ISO 27001, DNC
– Architect the contact center around the network
– Deploy firewalls, IDS, IPS, web/email filtering, anti-virus, & policy-controlled desktop
– Strong authentication on home agent equipment under strong corporate IT policy
– Disable CD/DVD/USB ports on home agent equipment
– Encrypt data, voice and application, going across Internet to home agents
– Apply auditable logging on home agent workstations and lock down data access
– Publish a home work security policy and require sign off
– Apply data access by job function which is not typically impacted by channel
– Train agents in use of non-voice communications. An email can carry the same legal weight as a handwritten letter and it is a persistent form of communication.
– Ensure that corporate core security practices, baselines and standards are applied to the contact center infrastructure

Thank you for listening. Enjoy the rest of the conference.
Grant Sainsbury, Practice Director, Customer Interactive Solutions (919)