Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security 2013 Roadshow - PCI. Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me.

Published byBryce Dickerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security 2013 Roadshow - PCI. Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me."— Presentation transcript:

1 Information Security 2013 Roadshow - PCI

2 Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me

3 What is PCI  Payment Card Industry Data Security Standard or PCI-DSS  Enforced by the Banks not by the Government (Recently became law in NV, WA, and MN)  Financial Control more than a Technical Control  The PCI DSS v2.0 Standards: 1.0: Install and maintain a firewall configuration to protect cardholder data. 2.0: Do not use vendor supplied defaults for system passwords and other security parameters. 3.0: Protect cardholder data. 4.0: Encrypt transmission of cardholder data across open, public networks. 5.0: Use and regularly update anti-virus software and programs. 6.0: Develop and maintain secure systems and applications. 7.0: Restrict access to cardholder data by business need to know. 8.0: Assign a unique ID to each person with a computer access. 9.0: Restrict physical access to cardholder data. 10.0: Track and monitor all access to network resources and cardholder data. 11.0: Regularly test security systems and processes. 12.0: Maintain a policy that addresses information security for all personnel.

4 Why Do We Care About PCI Compliance with PCI determines our ability to process credit cards. A Breach of PCI data could result in penalties from the bank as well as from the FTC. Reputation is perhaps the hardest thing to recover after a breach of any sort.

5 Why PCI Matters to You and Me A Credit Card Breach could include your data. As a data processor or an MDRP you are partially responsible for the protection of the card holder data. Middlebury has committed to PCI through policy and practice. A part of PCI-DSS includes education which will help you better understand the security concerns

6 Known Data Breaches in Higher-Ed - 2013 Montana State University University of Illinois Mercer County Community College University of Massachusetts Champlain College University of Florida – Health Pediatrics Idaho State University Louisiana State University Columbia University Medical Center York Technical College Oakland Community College Chapman University Kirkwood Community College Tallahassee Community College ETC…

7 Resources http://go.Middlebury.edu/pcidss http://go.Middlebury.edu/infosec email://pcioperationsteam@middlebury.edu Email://infosec@Middlebury.edu

8 Discussion and Links Please share your thoughts! Information Security Resources: http://go.middlebury.edu/infosec http://go.miis.edu/infosec Report Information Security Events To: infosec@middlebury.edu

Download ppt "Information Security 2013 Roadshow - PCI. Roadshow Outline  What IS PCI  Why we Care about PCI  What PCI Means to You and Me."

Similar presentations

Data Privacy IU Financial Transactions Sterling George Director, Financial Systems Administration and Records Management.

Data Privacy IU Financial Transactions Sterling George Director, Financial Systems Administration and Records Management.
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.

Payment Card Industry Data Security Standard AAFA ISC/SCLC Fall 08.
The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.

Merchant Card Processing (PCI Compliance for Supervisors) Sponsored by UW-Platteville’s Financial Services and The Office of Information Security.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Property of CampusGuard Compliance With The PCI DSS.

Property of CampusGuard Compliance With The PCI DSS.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:

1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

Similar presentations

Ads by Google