In the past, audit checks were compartmentalized and IT staff were the enforcers. It can't be that way anymore. Make sure you are using the proper tools to pass the technical audit easily, so you can focus on improving your overall security posture. Users need to be educated about the proper use of hardware and software, and they need to understand security. When an auditor comes on site, they aren't just looking to check a box; they are validating policies and procedures. They will go to users and ask questions like "are you aware" or "how do you". Because of the recent breaches, auditors understand that it's not just IT but all employees who must understand security policies and procedures. There needs to be company-wide education and support for security. As a CISO, that's your primary goal.
Eric Hodeen: Mr. Hodeen is CEO of CourtesyIT, a professional services company specializing in IT management and compliance services. Eric is an SCP (SolarWinds Certified Professional) who earned a Master of Science degree in Management of Technology with a focus in Security from the University of Texas at San Antonio, and who also holds numerous certifications from CompTIA, Cisco, and Juniper. Eric has 20+ years of experience managing DoD and other complex global networks. He currently resides in Honolulu, HI. Rob Johnson: Rob has spent over 17 years in various IT roles, with the last 10 focused specifically on network security in the commercial, government, and DoD sectors.
For the sake of time, I think we can skip this slide; however, I copied the Polls bullet and placed it in the "Why PCI is important" slide.
At a high level, network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. To implement network segmentation:
Isolate cardholder data to specific systems and control access to those systems
Internal network partitioning can be accomplished using firewalls and routers
The resulting segments can then be documented and presented in compliance reports
Segmentation reduces the scope of an audit: less effort, documentation, time, resources, and money are required to complete the audit process. Note that out-of-scope systems must genuinely be unable to reach the cardholder data environment; an auditor will test the segmentation controls rather than accept the network diagram at face value.
Network segmentation comes in the form of production traffic, management traffic, and backup/development traffic. All three are physically separate networks with very specific requirements and usages.
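To make the segmentation idea above concrete (the isolate/partition/report steps and the separate production, management, and backup traffic classes), here is an added example that is not part of the original presentation or of any SolarWinds product. It models a first-match, default-deny firewall policy between segments and then audits which segments can actually reach the cardholder data environment (CDE). The segment names, address ranges, and ports are constructed assumptions chosen for illustration.

```python
"""Model a segmented PCI network and check which segments can reach the
cardholder data environment (CDE).

Added example; segment names, RFC 1918 ranges and ports are illustrative
assumptions, not values from the presentation.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments (assumed layout, not the page's own).
SEGMENTS = {
    "cde":        ipaddress.ip_network("10.10.0.0/24"),  # stores/processes cardholder data
    "pos":        ipaddress.ip_network("10.20.0.0/24"),  # point-of-sale terminals (production)
    "corporate":  ipaddress.ip_network("10.30.0.0/16"),  # user LAN, intended to be out of scope
    "management": ipaddress.ip_network("10.40.0.0/24"),  # admin jump hosts, monitoring
    "backup":     ipaddress.ip_network("10.50.0.0/24"),  # backup/dev traffic
}

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# First-match rule set, evaluated top to bottom; anything unmatched is denied.
RULES = [
    Rule(SEGMENTS["pos"], SEGMENTS["cde"], 443, "allow"),         # POS -> payment app over TLS
    Rule(SEGMENTS["management"], SEGMENTS["cde"], 22, "allow"),   # admins via SSH only
    Rule(SEGMENTS["backup"], SEGMENTS["cde"], 22, "allow"),       # SCP/SFTP backups over SSH
    Rule(ANY, SEGMENTS["cde"], None, "deny"),                     # nothing else reaches the CDE
]


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action the first matching rule takes for this flow."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in RULES:
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"  # implicit default deny


def segment_of(ip: str) -> str:
    """Map an address to the segment that contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


PROBE_PORTS = [22, 80, 443, 1433, 3389]


def reachable_into_cde():
    """Probe one representative host per segment against a CDE host and
    return the (segment, port) pairs the policy allows in."""
    cde_host = str(SEGMENTS["cde"][10])
    allowed = []
    for name, net in SEGMENTS.items():
        if name == "cde":
            continue
        probe = str(net[10])
        for port in PROBE_PORTS:
            if evaluate(probe, cde_host, port) == "allow":
                allowed.append((name, port))
    return allowed


def in_scope_segments():
    """Under PCI DSS, systems connected to the CDE are in scope: the CDE plus
    every segment with an allowed path into it."""
    scope = {"cde"} | {seg for seg, _ in reachable_into_cde()}
    return sorted(scope)


def audit_cde_exposure(approved):
    """Return allowed paths into the CDE that are not on the approved list.
    This is the check an auditor performs against the ruleset."""
    return [pair for pair in reachable_into_cde() if pair not in approved]


if __name__ == "__main__":
    print("In scope:", in_scope_segments())
    print("Unapproved paths:", audit_cde_exposure({("pos", 443), ("management", 22), ("backup", 22)}))
```

The corporate LAN never appears in the scope list because no rule admits it into the CDE; that is exactly the reduction in audit scope the slide describes. If someone later adds a permissive rule above the final deny, `audit_cde_exposure` surfaces it as an unapproved path, which is the kind of evidence a compliance report should carry.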
SCP (secure copy, over SSH) is used for moving files from one location to another.
Building and maintaining a secure network is critical to achieving PCI DSS compliance. It requires a mix of operational and technical controls, not only to implement and maintain proper network segmentation and to meet specific PCI DSS requirements, but also to do so within a mature "day-to-day" IT management framework. An automated solution can provide tremendous value in the following ways:
From here we should open up the Q&A session, then display the next slide when we are about to wrap up.