Slide 1. How Compliance to PCI Can Be Achieved in Google Apps

Slide 2. Agenda
- What is PCI compliance?
- Critical requirements of PCI compliance
- Problems that companies experience in PCI compliance
- Introduction to Google Apps
- Requirements that organizations fail to meet and how Google Apps can help

Slide 3. What is PCI compliance?
Terms
- Payment Card Industry = PCI (Visa, Mastercard, Discover, etc.)
- Data Security Standard = DSS
- Compliance = adherence to the PCI DSS, which is created and revised by the PCI Data Security Council.
The Data Security Council was created by the PCI but acts independently of the member companies.
Adherence is monitored by Qualified Security Assessors for larger payment card processing companies.

Slide 4. Critical requirements of PCI compliance
Six control objectives, with 12 requirements that fulfill the control objectives:
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
EXAMPLE: Restrict access to cardholder data on a business need-to-know basis.

Slide 5. Introduction to Google Apps
Cloud computing tool suite
- Increases productivity
- Aids document creation and management
- More collaboration
- Improved communication and conferencing
Apps include Gmail, Google Drive, Google Docs, Google Calendar and Google Hangouts.

Slide 6. Requirements that organizations fail to meet and how Google Apps can help
Google Apps was not specifically designed to handle credit card transactions, but built-in features of Google Apps can be used to make compliance easier for sensitive data stored or transmitted by a company.
Here are three important areas . . .

Slide 7. #1 Protect cardholder data
Data needs protection during both storage and transmission.
STORAGE
- Google Drive data needs careful management
- Data is not automatically purged
- Third-party software can enable automated management
- Google Vault enables controls over access to and retention of emails and stored chats
TRANSMISSION
- Google Admin allows control over sending of credit card data and can prevent sending of sensitive data and attachments

Slide 8. #2 Implement strong access control measures
Admin can define access for specific users and groups on an app or file basis.
STANDARD PRACTICE REQUIRES
- Limiting access to business need only
- Cutting off access immediately for terminated employees
- Ensuring sufficient complexity of passwords
- Ensuring employee awareness of requirements

Slide 9. #3 Track and monitor access to cardholder data
- Admin audit console log allows monitoring of all admin actions by company
- Regular scans of all data within Google Apps for sensitive data (e.g., credit card numbers)
- Review of transmission of sensitive data within the network to identify security lapses or risks
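The scan that slide 9 calls for, and the outbound transmission check slide 7 describes, as one added example (not code from the slides or from Google): it finds Luhn-valid 13 to 19 digit card numbers in text taken from stored files and messages, reports each finding with the number masked, and decides whether an outbound message body may be sent. The corpus, file paths and message ids below are constructed; the card numbers are publicly known test numbers.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# A candidate PAN is 13 to 19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer digit run. Issuer ranges are not assumed.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: rejects long digit runs that are not PANs (order IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Report only the last four digits so the finding itself does not store cardholder data."""
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass
class Finding:
    location: str    # where the PAN was found (constructed file path or message id)
    masked: str      # masked PAN, safe to put in an audit report
    digit_count: int


def scan_text(location: str, text: str) -> List[Finding]:
    """Find Luhn-valid card numbers in one document or message body."""
    findings = []
    for match in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            findings.append(Finding(location, mask_pan(digits), len(digits)))
    return findings


def scan_corpus(corpus: Dict[str, str]) -> List[Finding]:
    """Scan every stored item (slide 9: regular scans of all data for card numbers)."""
    findings: List[Finding] = []
    for location, text in corpus.items():
        findings.extend(scan_text(location, text))
    return findings


def outbound_allowed(body: str) -> bool:
    """Transmission control (slide 7): an outbound message carrying a PAN is not allowed."""
    return not scan_text("outbound", body)


# Constructed sample corpus standing in for Drive files and Gmail messages.
# The card numbers are publicly known test numbers, not real accounts.
SAMPLE_CORPUS = {
    "drive:/Finance/refunds-2016.txt": "Refund to card 4111 1111 1111 1111, order 123456789012345",
    "gmail:msg-0001": "Customer says their card 5500-0000-0000-0004 was charged twice.",
    "drive:/HR/phone-list.txt": "Call 18005551234 for support; no card data here.",
}

if __name__ == "__main__":
    for f in scan_corpus(SAMPLE_CORPUS):
        print(f"{f.location}: {f.masked} ({f.digit_count} digits)")
```

The order ID in the first file is 15 digits but fails the Luhn check, so it is not reported; a production scan would also need to handle attachments and exports, which this text-only example does not cover.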
Slide 10. Thank you
