Presentation is loading. Please wait.

Presentation is loading. Please wait.

Team 4 – Mack, Josh, Felicia, Kevin and Walter

Published byRoger Manning Modified over 6 years ago

Similar presentations

Presentation on theme: "Team 4 – Mack, Josh, Felicia, Kevin and Walter"— Presentation transcript:

1 Team 4 – Mack, Josh, Felicia, Kevin and Walter
Case Study – Target Team 4 – Mack, Josh, Felicia, Kevin and Walter Senior Testing and Internal Audit team

2 Team 4 – testing and auditing
How would you describe your current testing and auditing to your Senior Leadership? Our current testing and auditing process is comprehensive. We use Payment Card Industry Data Security Standard PCI-DSS We competed baseline testing based on PCI-DSS Passed PCI compliance audits on the POS systems

3 Team 4 – testing and auditing
What would you like to change for testing going forward? A comprehensive approach to testing/auditing will include all assets, not just those that fall under compliance regulations. We need to test ALL the subsystems going forward, not just the credit card systems.

4 Team 4 – testing and auditing
How would you test your interactions with vendors and suppliers? Require vendors to use commercial virus checking software and other security precautions on their interfacing systems. Require commercial virus scanning software that would have prevented malware used in the attack on the vendor machines. Security Skills Assessment and Appropriate Training: Require vendors to go through basic security training or agree to train staff. Can be accomplished by auditing vendor’s security training records. Malware in phishing attack would have failed. Hackers would not have obtained access to vendor portal credentials. Begin testing for two-factor authentication from vendor.

5 Team 4 – testing and auditing
What assurances can your testing provide to your leadership? From lessons learned and using approved comprehensive testing and audit procedures, when the next attack happens, we can assure that the detection and identification of the threat will happen quickly enough, so that we can react and recover in a timely manner.

6 Team 5 – interfaces and trust
Team 5: Senior Corporate Operations Group What is the best way to manage the risk of others interfacing with our network and systems? Focus on being proactive Understand ALL asset vulnerabilities Timely Incident response Implement comprehensive testing and audit procedures How should you control others on your network for access and authorization? Compartmentalize/segregate users based on roles/needs Use 2-factor Authentication Periodic review of authorized users

7 Team 5 – interfaces and trust
Team 5: Senior Corporate Operations Group What should be required of vendors and sub-contractors to work with your systems? Service Level Agreement (SLA) They should meet the PCI compliance requirements How do you ensure proper training and certification of sub-contractors and vendors? Require certification documentation be sent to IA office when updated/annually -or- require their IA office to submit training reports

Download ppt "Team 4 – Mack, Josh, Felicia, Kevin and Walter"

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
Checking & Corrective Action

Checking & Corrective Action
[Organisation’s Title] Environmental Management System

[Organisation’s Title] Environmental Management System
The World of Access Controls

The World of Access Controls
Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.

Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
The ISO 9002 Quality Assurance Management System

The ISO 9002 Quality Assurance Management System
Information Systems Security Officer

Information Systems Security Officer
Kevin R Perry August 12, 2014. Part 1: High Level Changes & Clarifications.

Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Introduction to Network Defense

Introduction to Network Defense
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

Similar presentations

Ads by Google