SlideShare a Scribd company logo

PCI DSS Business as Usual

Download as PPTX, PDF
ControlCase
ControlCase

ControlCase covers the following: •About PCI DSS •PCI Business as Usual by requirement number •Implementation tips •ControlCase solution

Technology
1 of 33
© 2019 ControlCase All Rights Reserved PCI DSS Business as Usual Webinar Your IT Compliance Partner – Go Beyond the Checklist
© 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction About PCI DSS PCI DSS Business as Usual by Requirement Number Key Implementation Tips ControlCase Solution5 1
© 2019 ControlCase All Rights Reserved ControlCase Introduction1
© 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 275+ Security Experts 10,000+ IT Security Certifications
© 2019 ControlCase All Rights Reserved Solution - Certification and Continuous Compliance Services 5 “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
© 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant
© 2019 ControlCase All Rights Reserved About PCI DSS2
© 2019 ControlCase All Rights Reserved What is PCI DSS 8 8 Payment Card Industry Data Security Standard: • Guidelines for securely processing, storing, or transmitting payment card account data • Established by leading payment card brands • Maintained by the PCI Security Standards Council (PCI SSC)
© 2019 ControlCase All Rights Reserved PCI DSS Requirements 9 Control Objectives Requirements Build and maintain a secure network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect cardholder data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain a vulnerability management program 5. Use and regularly update anti-virus software on all systems commonly affected by malware 6. Develop and maintain secure systems and applications Implement strong access control measures 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly monitor and test networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an information security policy 12. Maintain a policy that addresses information security
© 2019 ControlCase All Rights Reserved PCI DSS Business as Usual by Requirement Number3
© 2019 ControlCase All Rights Reserved PCI Council Guidance on BAU 11 Monitoring of security controls • Firewalls • IDS/IPS • File Integrity Monitoring (FIM) • Anti Virus Ensuring failures in security controls are detected and responded • Restoring the security control • Identifying the root cause • Identifying any security issues because of the failure • Mitigation • Resume monitoring of security control • Segregation of duties between detective and preventive controls
© 2019 ControlCase All Rights Reserved PCI Council Guidance on BAU 12 Review changes to environment • Addition of new systems • Changes or organizational structure • Impact of change to PCI DSS scope • Requirement applicable to new scope • Implement any additional security controls because of change • New hardware and software (and older ones) continue to be supported and do not impact compliance Periodic reviews • Configuration • Physical security • Patches and Anti Virus • Audit logs • Access rights
© 2019 ControlCase All Rights Reserved Requirement 1: Firewalls 13 People - PCI project manager to escalate non-compliance - Segregation of duties between operations performing change and compliance personnel reviewing change Process - PCI impact analysis as part of firewall change management process Technology - Automated/Periodic ruleset reviews - Weekly port scans from CDE to Internet to verify no outbound connections
© 2019 ControlCase All Rights Reserved Requirement 2: Configuration Scans 14 People - PCI project manager to escalate non-compliance Process - Periodic update to configuration standards - New infrastructure onboarding process to include PCI configuration standards check Technology - Automated/Periodic configuration scans - Reminders to update configuration standards quarterly - Technology to flag new assets that have not formally undergone PCI configuration standards check
© 2019 ControlCase All Rights Reserved Requirement 3: Protect Stored Cardholder Data 15 People - PCI project manager to escalate non-compliance to highest levels within organization Process - Periodic false positive management - Search for cardholder data during roll out tests/quality assurance Technology - Automated/Periodic cardholder data scans - Alerts in case of new cardholder data found
© 2019 ControlCase All Rights Reserved Requirement 4: Protect Cardholder Data In Transmission 16 People - Training to ensure personnel do not email/chat clear text card data - Personnel allocated to review outbound data at random Process - Periodic review of modes of transmission i.e. wireless, chat, email etc. Technology - Automated technology to monitor transmission of card data through perimeter (e.g. email, chat monitoring)
© 2019 ControlCase All Rights Reserved Requirement 5: Antivirus and Malware 17 People - PCI project manager to escalate non-compliance Process - Process to ensure all assets are protected by antivirus - Process to implement antivirus and anti-malware on all new systems being deployed Technology - Technology to detect any systems that do not have anti virus/anti malware installed
© 2019 ControlCase All Rights Reserved Requirement 6: Secure Applications 18 People - Segregation of development and security duties - Periodic training of developers to security standards such as OWASP Process - Continuous scanning of applications - Scanning of applications as part of SDLC - Code review as part of SDLC - Review of QA/test cases on a periodic basis to ensure all of them have a security checkpoint and approval Technology - Application scanning software - Code review software - Identification of instances where changes have occurred to applications - Application firewalls
© 2019 ControlCase All Rights Reserved Requirement 7 & 8: Access Control and User IDs 19 People - Segregation of personnel provisioning IDs and review of user access Process - Periodic review of user access - Attestation of user access - Onboarding procedures - Termination procedures Technology - Role based access control - Single sign on - Use of LDAP/AD/TACACS for password management
© 2019 ControlCase All Rights Reserved Requirement 9: Physical Security 20 People - Designation of a person at every site as a site coordinator Process - Periodic walkthroughs and random audits of physical security - Weekly review of CCTV and badge logs - Periodic review of scope Technology - Alarms to report malfunction of devices such as cameras and badge access readers
© 2019 ControlCase All Rights Reserved Requirement 10: Logging and Monitoring 21 People - Personnel to actively monitor logs 24/7/365 Process - Periodic review of asset inventory - Periodic review of scope - Process to ensure logs from all assets are feeding the SIEM solution - Restoration of logs from 12 months back every week/month Technology - Security and Event Management (SIEM) - Technology to identify new assets not covered within SIEM
© 2019 ControlCase All Rights Reserved Requirement 11: Vulnerability Management 22 People - Segregation of personnel responsible for scanning vs remediation of anomalies - PCI project manager to escalate non-compliance Process - Ongoing review of target assets vs asset inventory for appropriateness/change - Periodic testing of IDS/IPS effectiveness through random penetration tests/vulnerability scans Technology - Automated scanning technology - Technology to manage false positives and compensating controls - Asset management repository - File Integrity Monitoring (FIM) technology
© 2019 ControlCase All Rights Reserved Requirement 12: Policies and Procedures 23 People - Coordination between procurement and compliance personnel Process - PCI DSS requirements tied to procurement process - PCI anomalies to be tracked within vendor/third party management solution Technology - Vendor management/Third party management solution
© 2019 ControlCase All Rights Reserved Key Implementation Tips4
© 2019 ControlCase All Rights Reserved Key Quarterly Themes 25 Segregation of duties Technology operating effectively Automation Dedicated PCI project manager Repeatability Periodic Reviews
© 2019 ControlCase All Rights Reserved Calendar of Reminders Tracking Back to Controls 26
© 2019 ControlCase All Rights Reserved Dashboard for Tracking Activities 27
© 2019 ControlCase All Rights Reserved ControlCase Solution5
© 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 29 70% Of company’s assets are non- compliant at some point in the year. • Address common non-compliant situations that leave you vulnerable all year long, including: • In-scope assets not reporting logs • In-scope assets missed from vulnerability scans • Critical, overlooked vulnerabilities due to volume • Risky firewall rule sets go undetected • Non-compliant user access scenarios not flagged • Go beyond monitoring and alerting to predict, prioritize and remediate compliance risks before they become security threats “The continuous compliance monitoring is a big value add to their audit and certification services, which is good for organizations that don’t have the team in-house. It’s a big differentiator for them.” VP of IT, Call Center/BPO Company Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
© 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 30 Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services What is Continuous Compliance  Quarterly review of 20-25 high impact/high risk questions  Technical review of vulnerability scans, log management, asset list and other available automated systems Benefits of Continuous Compliance  Eliminates the need for potential major last minute audit findings  Reduces effort for final audit by approximately 25%  Reduces the risk of technical shortcomings such as,  Quarterly scans missed certain assets  Logs from all assets not reporting Deliverable of Continuous Compliance
© 2019 ControlCase All Rights Reserved Automation-driven 31 SkyCAM IT Compliance Portal — Automation-driven certification and continuous compliance
© 2019 ControlCase All Rights Reserved Summary – Why ControlCase 32 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist
© 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkedin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM

Recommended

PCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesControlCase
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)ControlCase
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 

Recommended

PCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesControlCase
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)ControlCase
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyControlCase
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringControlCase
 
Docker container webinar final
Docker container webinar finalDocker container webinar final
Docker container webinar finalControlCase
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS ComplianceControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
Agiliance Wp Key Steps
Agiliance Wp Key StepsAgiliance Wp Key Steps
Agiliance Wp Key Stepsagiliancecommunity
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) ControlCase
 
Soc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedSoc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedVISTA InfoSec
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container ComplianceControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceKimberly Simon MBA
 
Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)ControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 

More Related Content

What's hot

Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyControlCase
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringControlCase
 
Docker container webinar final
Docker container webinar finalDocker container webinar final
Docker container webinar finalControlCase
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS ComplianceControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) ControlCase
 
Soc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedSoc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedVISTA InfoSec
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container ComplianceControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 

What's hot (20)

Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to Many
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity Monitoring
 
Docker container webinar final
Docker container webinar finalDocker container webinar final
Docker container webinar final
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) Certification
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS Compliance
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
Agiliance Wp Key Steps
Agiliance Wp Key StepsAgiliance Wp Key Steps
Agiliance Wp Key Steps
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Soc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedSoc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-converted
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container Compliance
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 

Similar to PCI DSS Business as Usual

Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)ControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as UsualControlCase
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)Kimberly Simon MBA
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler HelpSystems
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Cloud Standards Customer Council
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarPCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarControlCase
 
PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes ControlCase
 
Automate compliance with cloud guard dome9
Automate compliance with cloud guard dome9Automate compliance with cloud guard dome9
Automate compliance with cloud guard dome9John Varghese
 
PCI Compliance - Delving Deeper In The Standard
PCI Compliance - Delving Deeper In The StandardPCI Compliance - Delving Deeper In The Standard
PCI Compliance - Delving Deeper In The StandardJohn Bedrick
 
PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0ControlCase
 
PCI Compliance White Paper
PCI Compliance White PaperPCI Compliance White Paper
PCI Compliance White PaperRaz-Lee Security
 
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...Synopsys Software Integrity Group
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Brown Smith Wallace
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
 

Similar to PCI DSS Business as Usual (20)

Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)Making PCI V3.0 Business as Usual (BAU)
Making PCI V3.0 Business as Usual (BAU)
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as Usual
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarPCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes Webinar
 
PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes
 
Automate compliance with cloud guard dome9
Automate compliance with cloud guard dome9Automate compliance with cloud guard dome9
Automate compliance with cloud guard dome9
 
PCI Compliance - Delving Deeper In The Standard
PCI Compliance - Delving Deeper In The StandardPCI Compliance - Delving Deeper In The Standard
PCI Compliance - Delving Deeper In The Standard
 
PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0
 
PCI Compliance White Paper
PCI Compliance White PaperPCI Compliance White Paper
PCI Compliance White Paper
 
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power Systems
 

More from ControlCase

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarControlCase
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxControlCase
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdfControlCase
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfControlCase
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdfControlCase
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfControlCase
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxControlCase
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTControlCase
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 

More from ControlCase (17)

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUST
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

PCI DSS Business as Usual

  • 1. © 2019 ControlCase All Rights Reserved PCI DSS Business as Usual Webinar Your IT Compliance Partner – Go Beyond the Checklist
  • 2. © 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction About PCI DSS PCI DSS Business as Usual by Requirement Number Key Implementation Tips ControlCase Solution5 1
  • 3. © 2019 ControlCase All Rights Reserved ControlCase Introduction1
  • 4. © 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 275+ Security Experts 10,000+ IT Security Certifications
  • 5. © 2019 ControlCase All Rights Reserved Solution - Certification and Continuous Compliance Services 5 “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
  • 6. © 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant
  • 7. © 2019 ControlCase All Rights Reserved About PCI DSS2
  • 8. © 2019 ControlCase All Rights Reserved What is PCI DSS 8 8 Payment Card Industry Data Security Standard: • Guidelines for securely processing, storing, or transmitting payment card account data • Established by leading payment card brands • Maintained by the PCI Security Standards Council (PCI SSC)
  • 9. © 2019 ControlCase All Rights Reserved PCI DSS Requirements 9 Control Objectives Requirements Build and maintain a secure network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect cardholder data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain a vulnerability management program 5. Use and regularly update anti-virus software on all systems commonly affected by malware 6. Develop and maintain secure systems and applications Implement strong access control measures 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly monitor and test networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an information security policy 12. Maintain a policy that addresses information security
  • 10. © 2019 ControlCase All Rights Reserved PCI DSS Business as Usual by Requirement Number3
  • 11. © 2019 ControlCase All Rights Reserved PCI Council Guidance on BAU 11 Monitoring of security controls • Firewalls • IDS/IPS • File Integrity Monitoring (FIM) • Anti Virus Ensuring failures in security controls are detected and responded • Restoring the security control • Identifying the root cause • Identifying any security issues because of the failure • Mitigation • Resume monitoring of security control • Segregation of duties between detective and preventive controls
  • 12. © 2019 ControlCase All Rights Reserved PCI Council Guidance on BAU 12 Review changes to environment • Addition of new systems • Changes or organizational structure • Impact of change to PCI DSS scope • Requirement applicable to new scope • Implement any additional security controls because of change • New hardware and software (and older ones) continue to be supported and do not impact compliance Periodic reviews • Configuration • Physical security • Patches and Anti Virus • Audit logs • Access rights
  • 13. © 2019 ControlCase All Rights Reserved Requirement 1: Firewalls 13 People - PCI project manager to escalate non-compliance - Segregation of duties between operations performing change and compliance personnel reviewing change Process - PCI impact analysis as part of firewall change management process Technology - Automated/Periodic ruleset reviews - Weekly port scans from CDE to Internet to verify no outbound connections
  • 14. © 2019 ControlCase All Rights Reserved Requirement 2: Configuration Scans 14 People - PCI project manager to escalate non-compliance Process - Periodic update to configuration standards - New infrastructure onboarding process to include PCI configuration standards check Technology - Automated/Periodic configuration scans - Reminders to update configuration standards quarterly - Technology to flag new assets that have not formally undergone PCI configuration standards check
  • 15. © 2019 ControlCase All Rights Reserved Requirement 3: Protect Stored Cardholder Data 15 People - PCI project manager to escalate non-compliance to highest levels within organization Process - Periodic false positive management - Search for cardholder data during roll out tests/quality assurance Technology - Automated/Periodic cardholder data scans - Alerts in case of new cardholder data found
  • 16. © 2019 ControlCase All Rights Reserved Requirement 4: Protect Cardholder Data In Transmission 16 People - Training to ensure personnel do not email/chat clear text card data - Personnel allocated to review outbound data at random Process - Periodic review of modes of transmission i.e. wireless, chat, email etc. Technology - Automated technology to monitor transmission of card data through perimeter (e.g. email, chat monitoring)
  • 17. © 2019 ControlCase All Rights Reserved Requirement 5: Antivirus and Malware 17 People - PCI project manager to escalate non-compliance Process - Process to ensure all assets are protected by antivirus - Process to implement antivirus and anti-malware on all new systems being deployed Technology - Technology to detect any systems that do not have anti virus/anti malware installed
  • 18. © 2019 ControlCase All Rights Reserved Requirement 6: Secure Applications 18 People - Segregation of development and security duties - Periodic training of developers to security standards such as OWASP Process - Continuous scanning of applications - Scanning of applications as part of SDLC - Code review as part of SDLC - Review of QA/test cases on a periodic basis to ensure all of them have a security checkpoint and approval Technology - Application scanning software - Code review software - Identification of instances where changes have occurred to applications - Application firewalls
  • 19. © 2019 ControlCase All Rights Reserved Requirement 7 & 8: Access Control and User IDs 19 People - Segregation of personnel provisioning IDs and review of user access Process - Periodic review of user access - Attestation of user access - Onboarding procedures - Termination procedures Technology - Role based access control - Single sign on - Use of LDAP/AD/TACACS for password management
  • 20. © 2019 ControlCase All Rights Reserved Requirement 9: Physical Security 20 People - Designation of a person at every site as a site coordinator Process - Periodic walkthroughs and random audits of physical security - Weekly review of CCTV and badge logs - Periodic review of scope Technology - Alarms to report malfunction of devices such as cameras and badge access readers
  • 21. © 2019 ControlCase All Rights Reserved Requirement 10: Logging and Monitoring 21 People - Personnel to actively monitor logs 24/7/365 Process - Periodic review of asset inventory - Periodic review of scope - Process to ensure logs from all assets are feeding the SIEM solution - Restoration of logs from 12 months back every week/month Technology - Security and Event Management (SIEM) - Technology to identify new assets not covered within SIEM
  • 22. © 2019 ControlCase All Rights Reserved Requirement 11: Vulnerability Management 22 People - Segregation of personnel responsible for scanning vs remediation of anomalies - PCI project manager to escalate non-compliance Process - Ongoing review of target assets vs asset inventory for appropriateness/change - Periodic testing of IDS/IPS effectiveness through random penetration tests/vulnerability scans Technology - Automated scanning technology - Technology to manage false positives and compensating controls - Asset management repository - File Integrity Monitoring (FIM) technology
  • 23. © 2019 ControlCase All Rights Reserved Requirement 12: Policies and Procedures 23 People - Coordination between procurement and compliance personnel Process - PCI DSS requirements tied to procurement process - PCI anomalies to be tracked within vendor/third party management solution Technology - Vendor management/Third party management solution
  • 24. © 2019 ControlCase All Rights Reserved Key Implementation Tips4
  • 25. © 2019 ControlCase All Rights Reserved Key Quarterly Themes 25 Segregation of duties Technology operating effectively Automation Dedicated PCI project manager Repeatability Periodic Reviews
  • 26. © 2019 ControlCase All Rights Reserved Calendar of Reminders Tracking Back to Controls 26
  • 27. © 2019 ControlCase All Rights Reserved Dashboard for Tracking Activities 27
  • 28. © 2019 ControlCase All Rights Reserved ControlCase Solution5
  • 29. © 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 29 70% Of company’s assets are non- compliant at some point in the year. • Address common non-compliant situations that leave you vulnerable all year long, including: • In-scope assets not reporting logs • In-scope assets missed from vulnerability scans • Critical, overlooked vulnerabilities due to volume • Risky firewall rule sets go undetected • Non-compliant user access scenarios not flagged • Go beyond monitoring and alerting to predict, prioritize and remediate compliance risks before they become security threats “The continuous compliance monitoring is a big value add to their audit and certification services, which is good for organizations that don’t have the team in-house. It’s a big differentiator for them.” VP of IT, Call Center/BPO Company Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
  • 30. © 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 30 Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services What is Continuous Compliance  Quarterly review of 20-25 high impact/high risk questions  Technical review of vulnerability scans, log management, asset list and other available automated systems Benefits of Continuous Compliance  Eliminates the need for potential major last minute audit findings  Reduces effort for final audit by approximately 25%  Reduces the risk of technical shortcomings such as,  Quarterly scans missed certain assets  Logs from all assets not reporting Deliverable of Continuous Compliance
  • 31. © 2019 ControlCase All Rights Reserved Automation-driven 31 SkyCAM IT Compliance Portal — Automation-driven certification and continuous compliance
  • 32. © 2019 ControlCase All Rights Reserved Summary – Why ControlCase 32 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist
  • 33. © 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkedin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM

Editor's Notes

  1. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  2. Partnership Approach – Proactive expertise, responsive support and new, innovative ideas to streamline and improve compliance Right mix of size and responsiveness - We’re big enough to provide comprehensive compliance services, but agile enough to deliver responsive client care and support Automation-Driven – Take advantage of automation to cut time and costs and improve efficiencies in becoming certified and maintaining compliance ControlCase IT Compliance Portal Automated evidence collection – on prem or in the cloud Real-time Certification Dashboard AI-powered Predictive Compliance Go beyond monitoring and alerting to predict, prioritize and remediate compliance risk before they become security threats GRC Platform integration Continuous Compliance – Use ControlCase’s continuous compliance services to maintain compliance continuously in between annual certification efforts, because point-in-time, snap-shot compliance doesn’t effectively keep your company compliant or secure Predict, prioritize and remediate compliance risks before they become security threats