Copyright 2008 - 2011 TurboPCI, Inc. All rights reserved. PCI Compliance Security Awareness Training 31 December 2011.

What is PCI Compliance?
Before 2006, each payment card brand (Visa, American Express, MasterCard, Discover, and JCB) ran its own program to combat credit/debit card fraud. As fraud grew, maintaining five separate programs became expensive. The brands joined together to form the Payment Card Industry Security Standards Council (PCI SSC), which publishes and maintains a single set of security requirements, the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is not a law; it is enforced through the card brands' and acquiring banks' contracts with the businesses that accept cards.

What is PCI Compliance?
Any business that accepts credit/debit cards as payment from its customers must comply with PCI DSS. The standard is organized into twelve numbered Requirements; which of them apply to a given business, and how compliance is validated, depends on how it handles cardholder data (for example, whether card numbers are ever stored electronically).

Security Policy
All Coast Guard MWR workforce members (employees, contractors, temporary employees, consultants, etc.) must comply with the PCI policies and procedures. Workforce members must protect their customers' cardholder data at all times:
- before, during, and after every transaction;
- when the data is stored in electronic form;
- when the data is printed on any report or document.

Security Policy
All workforce members will report any security incident that they become aware of or suspect may have occurred.
Any technology used to access cardholder data must be approved by the MWR Program. Examples of such technologies:
- credit/debit card swipe machines;
- computers running payment applications that store cardholder data;
- any remote computer (laptop, home PC, smartphone, etc.) used by a workforce member to reach MWR systems that hold cardholder data.
Any change to these technologies (e.g., upgrading an application or replacing a card swipe machine) must be documented and approved.

Workforce Screening
New workforce members, and members being promoted, are subject to background checks to the extent permitted by law.

Service Providers Policy
Every service provider with which cardholder data is shared must adhere to the PCI DSS requirements and must sign a written agreement acknowledging that it is responsible for the security of the cardholder data it possesses.

Incident Response Policy
If a security incident involving cardholder data occurs, workforce members must follow the security incident reporting guidelines in the Commandant Instruction, Privacy Incident Response, Notification, and Reporting Procedures for Personally Identifiable Information (PII). Examples of a security incident:
- A customer mistakenly leaves their card behind and it is stolen from the MWR Program site before it can be returned.
- A computer running a payment application that stores cardholder data is infected by a virus.

Acceptable Use Policy
For IT resources (PCs, laptops, smartphones, etc.) that access cardholder data:
- Users are permitted access to computer resources only upon approval by the appropriate department director or supervisor.
- Users must have no expectation of privacy in any communication on, or information stored within, IT resources. Because MWR resources must be protected, the confidentiality of information stored on any MWR-owned computer device is not guaranteed.

Acceptable Use Policy
- Users are responsible for exercising good judgment about what personal use is reasonable. If there is any uncertainty, consult your supervisor or manager.
- Personal use must not interfere with the user's job responsibilities, interfere with other users' access to resources, or be excessive as determined by management.
- For security and network maintenance purposes, authorized MWR workforce members may monitor equipment, systems, and network traffic at any time.

Acceptable Use Policy
- Workforce members must take all necessary steps to prevent unauthorized access to Special Handling/Controlled Access Only information, specifically cardholder data.
- Sharing your user ID or password with any other person is strictly prohibited. Keep passwords secure: authorized users are responsible for the security of their passwords and accounts.
- All user-level passwords must be changed at least every 90 days (the rotation interval PCI DSS 2.0, the version current when this training was written, required in Requirement 8).
- All PCs, laptops, and workstations must be secured with a password-protected screensaver that activates automatically after 10 minutes or less of inactivity, or by logging off whenever the host will be unattended. (PCI DSS 2.0 allowed up to 15 minutes of idle time; the 10-minute setting here is stricter.)

Acceptable Use Policy
- Information stored on portable computers is especially exposed to loss and theft, so special care must be exercised with it.
- Postings from an MWR address to newsgroups must carry a disclaimer stating that the opinions expressed are strictly the author's own and not necessarily those of MWR, unless the posting is made in the course of business duties.
- Every host connected to MWR IT resources, whether owned by the user or by MWR, must continuously run approved virus-scanning software with a current virus signature database.

Acceptable Use Policy
- Use extreme caution when opening unexpected attachments from any sender; they may carry viruses, logic bombs, or Trojan horse code.
- User access privileges are granted on a need-to-know (least privilege) basis.

Unacceptable Uses
The following activities are strictly prohibited, with no exceptions:
- Violating the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property law, including, but not limited to, installing or using pirated software.
- Exporting software, technical information, or encryption software or technology in violation of international or regional export control laws.
- Introducing malicious programs (e.g., viruses, worms, Trojan horses, rootkits) into MWR IT resources.

Unacceptable Uses
- Revealing your account password to others or allowing others to use your account. This includes family and other household members when work is done at home.
- Using MWR IT resources to procure or transmit material that violates sexual harassment or hostile workplace laws.
- Making fraudulent offers of products, items, or services from any MWR account.
- Making statements about warranty, express or implied, unless doing so is part of normal job duties.

Unacceptable Uses
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the user is not an intended recipient, or logging into a server or account the user is not expressly authorized to access, unless doing so is within the scope of the user's regular duties.
- Executing any form of network monitoring that intercepts data not intended for the user's host, unless this activity is part of the user's normal job duties.

Unacceptable Uses
- Circumventing user authentication or the security of any host, network, or account.
- Using any program, script, or command, or sending messages of any kind, with the intent to interfere with or disable another user's terminal session, by any means, locally or via the Internet, intranet, or extranet.
- Providing information about, or lists of, MWR users to outside parties.
- Sending unencrypted cardholder account numbers by e-mail, chat, or any other electronic means.
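The rule against sending unencrypted cardholder account numbers by e-mail or chat is one that a mail or chat gateway can enforce mechanically, and the same check is useful in the incident-response step of deciding whether a suspect mailbox or chat export actually contains cardholder data. The following is an added example, not code from the TurboPCI training or from the MWR Program: it finds candidate card numbers (PANs) in message text, keeps only those that pass the Luhn check every major card brand uses, and reports them masked (first six and last four digits), so the alert does not itself become another unencrypted copy of the PAN. The sample messages, message IDs, and the `find_pans` / `scan_messages` function names are constructed for this example.

```python
"""Flag unencrypted card numbers (PANs) in outbound messages.

Added example for the PCI awareness training transcript; not part of the
original deck. Sample messages below are constructed for this example.
"""
import re
from typing import List, Tuple

# Candidate PAN: 13-19 digits, optionally separated into groups by single
# spaces or dashes ("4111-1111-1111-1111" must still be caught). The lookarounds
# stop the pattern from matching inside a longer digit run, so a 20-digit
# tracking number is never cut down to a 16-digit "PAN".
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check. Every brand's PANs pass it, and roughly 90% of random
    digit runs (order numbers, timestamps, phone numbers) fail it, which keeps
    false positives manageable without a brand-specific prefix table."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display form PCI DSS permits: first six and last four digits only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> List[str]:
    """Return masked PANs found in text (Luhn-valid candidates only)."""
    found = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(mask_pan(digits))
    return found


# Constructed sample traffic: msg-1 and msg-3 use well-known test card numbers,
# msg-2 carries a 16-digit order number that fails Luhn plus a phone number,
# msg-4 contains only a last-four reference, which is allowed to be displayed.
SAMPLE_MESSAGES: List[Tuple[str, str]] = [
    ("msg-1", "Customer card on file: 4111 1111 1111 1111 exp 12/14, please rebill"),
    ("msg-2", "Order 1234567890123456 shipped; call 252-555-0123 with questions"),
    ("msg-3", "AMEX 378282246310005 declined twice, try again?"),
    ("msg-4", "Last four 1111 on the receipt, nothing else stored"),
]


def scan_messages(messages: List[Tuple[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (message_id, masked_pans) for every message that must be blocked.
    Only the masked form is returned, so logging the result is safe."""
    hits = []
    for msg_id, body in messages:
        pans = find_pans(body)
        if pans:
            hits.append((msg_id, pans))
    return hits


if __name__ == "__main__":
    for msg_id, pans in scan_messages(SAMPLE_MESSAGES):
        print(f"{msg_id}: unencrypted PAN(s) found: {', '.join(pans)}")
```

Running it flags msg-1 and msg-3 and leaves msg-2 and msg-4 alone. The Luhn filter is what keeps the order number in msg-2 from producing a false alarm; the mask is what keeps the scanner's own output from becoming a second place cardholder data is stored. A check like this is a backstop, not a substitute for the policy: the right answer to "how do I send a card number to someone" is an approved encrypted channel or no card number at all, never a cleverer filter.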

Unacceptable Uses
- Unauthorized use of instant messaging programs (e.g., AIM, Microsoft Messenger, Trillian), personal profile sites (e.g., MySpace, Facebook, Hotmail, Match), or peer-to-peer file sharing software.

Wrap Up
- Always protect your customers' cardholder data, whether in electronic or hard-copy (printed) form.
- PCI compliance is mandatory. Any violation of the PCI DSS Requirements could result in the MWR Program losing the ability to accept debit/credit cards from its customers.
- Be smart and follow the policies and procedures!