Capstone Project:
PCI-DSS Compliance Integration
Presenter: Phillip Neil Borne
Introduction
• Currently the South Texas Engineering Manager responsible for all IT
network and engineering infrastructure in the South Texas segment.
Responsibilities include all networking hardware at 100 sites and managing
five network engineers
• Spent the last 17 years of my career implementing technologies ranging
from satellite, microwave, Wi-Fi, telephony and large IP networks
• Held a wide range of certifications from CCENT, CCNA, CCNP, CCDA,
CWNA, Six Sigma, FCC License, CEH, CHFI and MBA-Technology
Management
• Constantly increasing my knowledge of security in my spare time by
researching the latest information along with preparation for CISSP and
other future certifications
Capstone Project: PCI-DSS Compliance
Why Choose PCI Integration?
• Been working with PCI compliance for a few years and always wanted a
deeper understanding of the requirements
• Since nearly all organizations process credit cards as part of their business
operations, I determined it was best to fully understand the requirements for
future career use
• Interest in PCI-DSS not only covers the requirements for compliance but
also the standard best practices of standards such as NIST
• With a significant increase in credit card compromises, I wanted to study
how past incidents occurred and prepare better defensive models
Overview of Problem
• Many companies are required to become PCI compliant due to credit card
processing but do not have the experience or knowledge
• Failure to become PCI compliant affects not only operations but also legal
and financial standing through the risk of litigation and fines
• Typical technology staff do not possess the experience or knowledge to
implement PCI requirements
• Business priorities are placed ahead of implementing information security
• The average business does not understand the importance of Information
Security
Overview of Problem (cont.)
• PCI-DSS covers a wide range of topics that the average technical staff
may not be able to fully cover:
1) Building and Maintaining Secure Networks and Systems (Sections 1-2)
2) Protecting Cardholder Data (Sections 3-4)
3) Maintaining a Vulnerability Management Program (Sections 5-6)
4) Implementing Strong Access Control Measures (Sections 7-9)
5) Regular Monitoring and Testing of Networks (Sections 10-11)
6) Maintaining Information Security Policies (Section 12)
Project Consistency
• Broad explanation of the twelve requirements
• Preventative measures against the common challenges organizations are
up against when trying to become compliant
• Once compliance is acquired, delivering the processes and procedures to
maintain approval status
• Understanding the legal implications and effects on operations regarding
PCI compliance
Strategies Used
• Analyzed the twelve requirements to determine how to segment similar
functions
• Wanted to create a phased approach for anyone not familiar with auditing,
creating a sequential process to follow
• Aimed at removing the complexity by replacing common industry lingo with
wording that is easier to understand for less technical personnel
• Created a system that can be repeated along with being adjusted to meet
the needs of the organization
Success in Achieving Project Milestones
• Designed a strategy for simple integration by less technical personnel
along with those with no prior experience with PCI compliance
• Able to create a process that groups similar functions and provides a
consistent flow of progress
• Created a process that integrates a verification phase, which provides a
system of checks to ensure all requirements for auditing are complete
• Produced additional information for technology implementation which will
give an organization a simple explanation of technical settings and
configurations
PCI Compliance Phase Approach:
The five phases of the project consist of the following:
Phase 1 (4-6 weeks): Initiation
Phase 2 (8-12 weeks): Implementation
Phase 3 (2-3 weeks): Verification
Phase 4 (4-6 weeks): Auditing
Phase 5 (Remaining Calendar Year): Monitoring and Maintenance
Obstacles Encountered
• Minor challenges encountered with ensuring the separate modules can be
understood by less technical personnel
• Additional time used to ensure the material presented has a consistent
flow and does not create confusion during implementation
• Conducting additional research on a few items to ensure my interpretation
of compliance requirements was accurate
• Deciphering information presented on the Internet. Some items reflected
personal preference or variance in regards to the actual requirements,
which could mislead the average person
Topics Learned During Research
• A better understanding of the twelve requirements of PCI DSS
• Increased knowledge of the computer and auditing requirement portions of
compliance
• Different perspectives from novices to subject matter experts on PCI
compliance
• Application of laws and legal repercussions in regards to compliance
Topics Learned During Research (cont.)
• Public reaction to credit card breaches
• New technologies and processes used to counter current threats
• Penetration testing procedures for auditing due to changes in version 3.0
requirements
• Increased security awareness prior to implementing new networks and
systems
• Better understanding of PCI compliance as a whole
Application To Professional Use
• Able to better maintain PCI compliance with a deeper understanding of the
requirements
• Help create a market-wide program to manage requirements
• Increased knowledge of best practices in regards to general infrastructure
security
• The ability to take large amounts of information (such as PCI or other
regulatory requirements) and create a more modular and manageable
system of implementation
Thank You for your time

Weitere ähnliche Inhalte

Was ist angesagt?

How to Close the SecOps Gap
How to Close the SecOps GapHow to Close the SecOps Gap
How to Close the SecOps GapBMC Software
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindThe Lorenzi Group
 
Bengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenBengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenCybercom Group
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Brown Smith Wallace
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowkCura_Relativity
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
Cybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government ContractsCybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government ContractsRobert E Jones
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesHyTrust
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
BSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity ModelBSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity ModelCigital
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology OperationsIvanti
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecurityThomas Malmberg
 

Was ist angesagt? (20)

Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 
How to Close the SecOps Gap
How to Close the SecOps GapHow to Close the SecOps Gap
How to Close the SecOps Gap
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of Mind
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply Chain
 
Bengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, PolenBengt Berg, Cybercom Security, Polen
Bengt Berg, Cybercom Security, Polen
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to Know
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
 
Cybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government ContractsCybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government Contracts
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application Security
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
Soc
SocSoc
Soc
 
CV_Rohit Garg
CV_Rohit GargCV_Rohit Garg
CV_Rohit Garg
 
BSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity ModelBSIMM-V: The Building Security In Maturity Model
BSIMM-V: The Building Security In Maturity Model
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
 

Andere mochten auch

Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2waizou
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defenseamiable_indian
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci complianceShiva Hullavarad
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceSchellman & Company
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Amazon Web Services
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 
Audit technique de code
Audit technique de codeAudit technique de code
Audit technique de codeMehdi TAZI
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017Joseph John
 

Andere mochten auch (20)

Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power Systems
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS Compliance
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
 
PCI Compliance NOT for Dummies epb 30MAR2016
PCI Compliance NOT for Dummies epb 30MAR2016PCI Compliance NOT for Dummies epb 30MAR2016
PCI Compliance NOT for Dummies epb 30MAR2016
 
Audit technique de code
Audit technique de codeAudit technique de code
Audit technique de code
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 

Ähnlich wie Presentation_Borne

CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examInfosec
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standardsUlf Mattsson
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
Verderber Rothke What’s New With PCI
Verderber   Rothke   What’s New With PCIVerderber   Rothke   What’s New With PCI
Verderber Rothke What’s New With PCIBen Rothke
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveMark Akins
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersAlgoSec
 
MISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMichael Nickle
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxControlCase
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security processUlf Mattsson
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?Lumension
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Kusumadihardja
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as UsualControlCase
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
OmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoOmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoJonathan Eubanks
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)ControlCase
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 

Ähnlich wie Presentation_Borne (20)

CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new exam
 
Looking Forward to PCI DSS v4.0
Looking Forward to PCI DSS v4.0Looking Forward to PCI DSS v4.0
Looking Forward to PCI DSS v4.0
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
Verderber Rothke What’s New With PCI
Verderber   Rothke   What’s New With PCIVerderber   Rothke   What’s New With PCI
Verderber Rothke What’s New With PCI
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA Perspective
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
 
MISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM Implementation
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security process
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - English
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as Usual
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
OmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance InfoOmniNet MDS HIPPA Compliance Info
OmniNet MDS HIPPA Compliance Info
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
 

Presentation_Borne

  • 1. Capstone Project: PCI-DSS Compliance Integration Presenter: Phillip Neil Borne
  • 2. Introduction  Currently the South Texas Engineering Manager responsible for all IT network and engineering infrastructure in the South Texas segment. Responsibilities include all networking hardware at 100 sites and managing five network engineers  Spent the last 17 years of my career implementing technologies ranging from satellite, microwave, Wi-Fi, telephony and large IP networks  Held a wide range of certifications from CCENT, CCNA, CCNP, CCDA, CWNA, Six Sigma, FCC License, CEH, CHFI and MBA-Technology Management  Constantly increasing my knowledge of security in my spare time by researching the latest information along with preparation for CISSP and other future certifications 2 Capstone Project: PCI-DSS Compliance
  • 3. Why Choose PCI Integration?  Been working with PCI compliance for a few years and always wanted to deeper understanding of the requirements  Since nearly all organizations process credit cards as part of their business operations I determined it was best to fully understand the requirements for future career use  Interest in PCI-DSS not only covers the requirements for compliance but also the standard best practices of standards such as NIST  With a significant increase in credit card compromises I wanted to study how past incidents occurred and prepare better defensive models 3 Capstone Project: PCI-DSS Compliance
  • 4. Overview of Problem  Many companies are required to become PCI compliant due to credit card processing but do not have the experience or knowledge  Failure to become PCI compliant affects not only operations but also legal and financials by risk of legal litigation and fines  Typical technology staff doesn’t posses the experience or knowledge to implement PCI requirements  Business priorities are placed ahead of implementing information security  Average business doesn’t understand the importance of Information Security 4 Capstone Project: PCI-DSS Compliance
  • 5. Overview of Problem (cont.)  PCI-DSS covers a wide range of topics which the average technical staff may not be able to fully cover: 1) Building and Maintaining Secure Networks and Systems (Section 1-2) 2) Protecting Cardholder Data (Section 3-4) 3) Maintaining a Vulnerability Management Program( Section 5-6) 4) Implementing Strong Access Control Measures(Section 7-9) 5) Regular Monitoring and Testing of Networks (Section 10-11) 6) Maintaining Information Security Policies (Section 12) 5 Capstone Project: PCI-DSS Compliance
  • 6. Project Consistency  Broad explanation of the twelve requirements  Preventative measures against the common challenges organizations are against when trying to become compliant  Once compliance is acquired delivering the processes and procedures to maintain approval status  Understanding the legal implications and affects on operations regarding PCI compliance 6 Capstone Project: PCI-DSS Compliance
  • 7. Strategies Used  Analyzed the twelve requirements to determine how to segment similar functions  Wanted to create a phased approach to anyone not familiar with auditing creating a sequential process to follow  Aimed at removing of the complexity with common industry lingo to verbiage that is easier to understand by less technical personnel  Created a system that can be repeated along with being adjusted to meet the needs of the organization 7 Capstone Project: PCI-DSS Compliance
  • 8. Success in Achieving Project Milestones
    - Designed a strategy for simple integration by less technical personnel and by those with no prior experience with PCI compliance
    - Able to create a process that groups similar functions and provides a consistent flow of progress
    - Created a process with a verification phase that integrates a system of checks to ensure all requirements for auditing are complete
    - Produced additional information for technology implementation which gives an organization a simple explanation of technical settings and configurations
  • 9. PCI Compliance Phased Approach: The five phases of the project consist of the following:
    - Phase 1 (4-6 weeks): Initiation
    - Phase 2 (8-12 weeks): Implementation
    - Phase 3 (2-3 weeks): Verification
    - Phase 4 (4-6 weeks): Auditing
    - Phase 5 (remaining calendar year): Monitoring and Maintenance
  • 10. Obstacles Encountered
    - Minor challenges encountered in ensuring the separate modules can be understood by less technical personnel
    - Additional time used to ensure the material presented has a consistent flow and does not create confusion during implementation
    - Conducting additional research on a few items to ensure my interpretation of the compliance requirements was accurate
    - Deciphering information presented on the Internet: some items reflected personal preference or varied from the actual requirements, which could mislead the average person
  • 11. Topics Learned During Research
    - A better understanding of the twelve requirements of PCI DSS
    - Increased knowledge of the computer and auditing requirement portions of compliance
    - Different perspectives on PCI compliance, from novices to subject matter experts
    - Application of laws and legal repercussions in regards to compliance
  • 12. Topics Learned During Research (cont.)
    - Public reaction to credit card breaches
    - New technologies and processes used to counter current threats
    - Penetration testing procedures for auditing due to changes in the version 3.0 requirements
    - Increased security awareness prior to implementing new networks and systems
    - Better understanding of PCI compliance as a whole
  • 13. Application To Professional Use
    - Able to better maintain PCI compliance with a deeper understanding of the requirements
    - Help create a market-wide program to manage requirements
    - Increased knowledge of best practices in regards to general infrastructure security
    - The ability to take large amounts of information (such as PCI or other regulatory requirements) and create a more modular and manageable system of implementation
  • 14. Thank you for your time

Editor's Notes

  1. Provide brief description of past experiences especially in security (maintain credit union network, securing TWC infrastructure)
  2. Explain the reason for selecting PCI Compliance as the topic of research:
     - Interest in this type of compliance standard
     - Common effort, since most companies process credit cards for business operations
     - PCI covers a wide range of security topics, from controls to technical security enhancements
     - Significant increase in credit card theft and other related security issues
  3. Explain overview of the current problem:
     - Problems with organizations new to compliance standards
     - Risk of legal liability due to not being compliant
     - Certain types of organizations unable to become compliant due to lack of knowledge or experience
     - Business priorities sometimes cause security efforts to be overlooked
     - Businesses fail to see the need to increase their security posture based on cost and resources
  4. Brief explanation of PCI requirements
  5. Discuss project consistency:
     - Broader explanation of compliance requirements
     - Prevention measures based on personal experience
     - Efforts to continue maintenance and monitoring tasks once the compliance audit is complete
     - Understanding of legal liabilities and effects on the organization of not being able to process credit cards
  6. Strategies Utilized:
     1) Analyze the twelve requirements to formulate a strategy
     2) Create a systematic flow of tasks leading up to audit completion
     3) Reduce the complexity of compliance requirements so they can be understood by less technical or non-technical personnel
     4) Create a system that can be used, with modifications, for other similar compliance standards
  7. Project Milestones:
     - Strategy designed for simple integration
     - Created a modular approach to completing a large number of tasks
     - Implemented a verification phase which is used to check all work performed prior to auditing
     - Created a document listing the technical settings and configuration
  8. Provide brief explanation of all phases of implementation
  9. Discuss obstacles encountered:
     - Minor challenge with breaking down requirements into different phases
     - Additional time to ensure the material had a consistent flow of information
     - Further research to ensure correct interpretation of information
     - Deciphering Internet information to ensure correct information is being used for research
  10. Discussion on topics learned:
     - A better understanding of certain requirements with which I had no prior experience
     - Increased knowledge about the auditing process
     - Noticed a wide range of perspectives regarding PCI compliance
     - Clearer understanding of legal liability due to being non-compliant
  11. Additional topics learned:
     - Public reaction to credit card breaches
     - New methods of threat prevention
     - Understanding of new penetration testing processes
     - Increased security awareness
     - Better understanding of PCI compliance as a whole
  12. Professional applications:
     - Better understanding of PCI requirements
     - Assist with market-wide initiatives regarding compliance
     - Increased knowledge of best practices
     - Able to create a simple strategy from large amounts of information