SlideShare a Scribd company logo

Taking the Pain out of PCI Compliance

Download as PPTX, PDF
Tripwire
Tripwire

Passing PCI audits can be a painful experience, but it doesn’t have to be that way. Tripwire solutions are used by eight of the top ten global retailers and we’ve helped thousands of customers achieve and maintain PCI compliance since version one of the PCI regulations. Aaron Warner, Systems Engineer Manager at Tripwire, shows you how to: -Avoid the top three mistakes of PCI compliance audits -Build audit-ready PCI reports with less effort -Stay PCI compliant once you’ve passed an audit

Technology
1 of 15
1: Build and Maintain a Secure Network 2: Protect Cardholder Data 3: Maintain a Vulnerability Management Program 4: Implement Strong Access Control Measures 5: Regularly Monitor and Test Networks 6: Maintain an Information Security Policy Requirement 1: Install and maintain a firewall configuration to Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 5: Protect all systems against malware and regularly update anti- virus software or programs Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 2: Do not use vendor- supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 6: Develop and maintain secure systems and applications Requirement 8: Identify and authenticate access to system components Requirement 11: Regularly test security systems and processes Requirement 9: Restrict physical access to cardholder data Validates Provides Supports
Mistake #2 Periodic PCI Assessment
Continuous Security and Compliance Lowers Cost Increases Efficiency Increases Security Reduces Risk
Mistake #3 Applying only a PCI solution and not leveraging the product for Security
Audit Change Enhanced File Integrity Monitoring Tripwire Enterprise Console Detection Engine Baseline Critical system, configuration & content files Change Change Change Assess Compliance Was it compliant?Was it authorized? Directory Services DesktopsFile Systems Network Devices Databases Hypervisors Applications
Taking the Pain out of PCI Compliance
Taking the Pain out of PCI Compliance
Taking the Pain out of PCI Compliance

Recommended

PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the CheckboxPCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
Tripwire
 
Security Essentials
Security EssentialsSecurity Essentials
Security Essentials
Ashley Deuble
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
Donald E. Hester
 
WE16 - Defense in Depth: Top 10 Critical Security Controls
WE16 - Defense in Depth: Top 10 Critical Security ControlsWE16 - Defense in Depth: Top 10 Critical Security Controls
WE16 - Defense in Depth: Top 10 Critical Security Controls
Society of Women Engineers
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
Qualys
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
Tripwire
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 

Recommended

PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the CheckboxPCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
Tripwire
 
Security Essentials
Security EssentialsSecurity Essentials
Security Essentials
Ashley Deuble
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
Donald E. Hester
 
WE16 - Defense in Depth: Top 10 Critical Security Controls
WE16 - Defense in Depth: Top 10 Critical Security ControlsWE16 - Defense in Depth: Top 10 Critical Security Controls
WE16 - Defense in Depth: Top 10 Critical Security Controls
Society of Women Engineers
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
Qualys
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
Tripwire
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
Force 3 Software Practice Overview
Force 3 Software Practice OverviewForce 3 Software Practice Overview
Force 3 Software Practice Overview
Force 3
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
Cisco Security
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security Requirements
Steven Cahill
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats Report
Eoin Keary
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
Rahul Khengare
 
Otx introduction sw
Otx introduction swOtx introduction sw
Otx introduction sw
AlienVault
 
IoT Threat Intel - Steppa
IoT Threat Intel - SteppaIoT Threat Intel - Steppa
IoT Threat Intel - Steppa
Steppa Cyber Security
 
241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final
Anthony Hopkins
 
PCI presentation
PCI presentationPCI presentation
PCI presentation
Mahmoud Salaheldin
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data security
Andy Bochman
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
Cisco Security
 
Lowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to ZLowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to Z
Tim De Keukelaere
 
OWASP Nagpur Meet #4
OWASP Nagpur Meet #4 OWASP Nagpur Meet #4
OWASP Nagpur Meet #4
OWASP Nagpur
 
New Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: HowlandNew Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: Howland
nado-web
 
Info and telecom_network_security
Info and telecom_network_securityInfo and telecom_network_security
Info and telecom_network_security
Brijesh Kumar
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
Alisha Henderson
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
Carl B. Forkner, Ph.D.
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire University Boot Camp – The Shifting Landscape: Know Your BattlefieldTripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire
 
Tripwire University Boot Camp – Economy of Bad
Tripwire University Boot Camp – Economy of BadTripwire University Boot Camp – Economy of Bad
Tripwire University Boot Camp – Economy of Bad
Tripwire
 

More Related Content

What's hot

Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security Requirements
Steven Cahill
 
241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final
Anthony Hopkins
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data security
Andy Bochman
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
Cisco Security
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 

What's hot (20)

Force 3 Software Practice Overview
Force 3 Software Practice OverviewForce 3 Software Practice Overview
Force 3 Software Practice Overview
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security Requirements
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats Report
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
 
Otx introduction sw
Otx introduction swOtx introduction sw
Otx introduction sw
 
IoT Threat Intel - Steppa
IoT Threat Intel - SteppaIoT Threat Intel - Steppa
IoT Threat Intel - Steppa
 
241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final241_ATD_TUE_1430_EagleRockEnergy_final
241_ATD_TUE_1430_EagleRockEnergy_final
 
PCI presentation
PCI presentationPCI presentation
PCI presentation
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data security
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
 
Lowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to ZLowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to Z
 
OWASP Nagpur Meet #4
OWASP Nagpur Meet #4 OWASP Nagpur Meet #4
OWASP Nagpur Meet #4
 
New Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: HowlandNew Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: Howland
 
Info and telecom_network_security
Info and telecom_network_securityInfo and telecom_network_security
Info and telecom_network_security
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 

Viewers also liked

Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
Tripwire
 
Survival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient OrganizationSurvival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient Organization
Tripwire
 
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
Tripwire
 
Threat Intelligence from Honeypots for Active Defense
Threat Intelligence from Honeypots for Active DefenseThreat Intelligence from Honeypots for Active Defense
Threat Intelligence from Honeypots for Active Defense
Tripwire
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
Tripwire
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Tripwire
 
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Breaking In and Breaking Records – A Look Back at 2016 CybercrimesBreaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Tripwire
 

Viewers also liked (20)

Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire University Boot Camp – The Shifting Landscape: Know Your BattlefieldTripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
 
Tripwire University Boot Camp – Economy of Bad
Tripwire University Boot Camp – Economy of BadTripwire University Boot Camp – Economy of Bad
Tripwire University Boot Camp – Economy of Bad
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
 
Survival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient OrganizationSurvival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient Organization
 
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
 
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
 
8 Tips on Creating a Security Culture in the Workplace
8 Tips on Creating a Security Culture in the Workplace8 Tips on Creating a Security Culture in the Workplace
8 Tips on Creating a Security Culture in the Workplace
 
Keep Your Guard: Stay Compliant and Be Secure
Keep Your Guard: Stay Compliant and Be SecureKeep Your Guard: Stay Compliant and Be Secure
Keep Your Guard: Stay Compliant and Be Secure
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
 
Threat Intelligence from Honeypots for Active Defense
Threat Intelligence from Honeypots for Active DefenseThreat Intelligence from Honeypots for Active Defense
Threat Intelligence from Honeypots for Active Defense
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
Tripwire IP360 Vulnerability Management
Tripwire IP360 Vulnerability ManagementTripwire IP360 Vulnerability Management
Tripwire IP360 Vulnerability Management
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
 
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Breaking In and Breaking Records – A Look Back at 2016 CybercrimesBreaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
 
How to Protect Your Organization from the Ransomware Epidemic
How to Protect Your Organization from the Ransomware EpidemicHow to Protect Your Organization from the Ransomware Epidemic
How to Protect Your Organization from the Ransomware Epidemic
 
Excellence in the Essentials: It's Not Whether You Implement Foundational Con...
Excellence in the Essentials: It's Not Whether You Implement Foundational Con...Excellence in the Essentials: It's Not Whether You Implement Foundational Con...
Excellence in the Essentials: It's Not Whether You Implement Foundational Con...
 
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesOverload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
 
3 Success Stories on the Tripwire Enterprise Journey
3 Success Stories on the Tripwire Enterprise Journey3 Success Stories on the Tripwire Enterprise Journey
3 Success Stories on the Tripwire Enterprise Journey
 
How to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security LiteracyHow to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security Literacy
 
Advanced Vulnerability Scoring and Prioritization
Advanced Vulnerability Scoring and PrioritizationAdvanced Vulnerability Scoring and Prioritization
Advanced Vulnerability Scoring and Prioritization
 

Similar to Taking the Pain out of PCI Compliance

Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
manojghimiray
 
PCI-DSS explained
PCI-DSS explainedPCI-DSS explained
PCI-DSS explained
Edwin_Bos
 
Closing PCI WiFi Loopholes with AirMagnet Enterprise
Closing PCI WiFi Loopholes with AirMagnet EnterpriseClosing PCI WiFi Loopholes with AirMagnet Enterprise
Closing PCI WiFi Loopholes with AirMagnet Enterprise
bagnalldarren
 

Similar to Taking the Pain out of PCI Compliance (20)

Payment Card Industry Compliance Requirements
Payment Card Industry Compliance Requirements Payment Card Industry Compliance Requirements
Payment Card Industry Compliance Requirements
 
DataPower as PCI
DataPower as PCIDataPower as PCI
DataPower as PCI
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as Usual
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...
 
Gazzang pci v1[1]
Gazzang pci v1[1]Gazzang pci v1[1]
Gazzang pci v1[1]
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler How to Achieve PCI Compliance with an Enterprise Job Scheduler
How to Achieve PCI Compliance with an Enterprise Job Scheduler
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarPCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes Webinar
 
PCI-DSS explained
PCI-DSS explainedPCI-DSS explained
PCI-DSS explained
 
PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0PCI DSS & PA DSS Version 3.0
PCI DSS & PA DSS Version 3.0
 
PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014
PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014
PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
PCI DSS for Pentesting
PCI DSS for PentestingPCI DSS for Pentesting
PCI DSS for Pentesting
 
Closing PCI WiFi Loopholes with AirMagnet Enterprise
Closing PCI WiFi Loopholes with AirMagnet EnterpriseClosing PCI WiFi Loopholes with AirMagnet Enterprise
Closing PCI WiFi Loopholes with AirMagnet Enterprise
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust Principles
 

More from Tripwire

Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Taking the Pain out of PCI Compliance

  • 1.
  • 2.
  • 3.
  • 4. 1: Build and Maintain a Secure Network 2: Protect Cardholder Data 3: Maintain a Vulnerability Management Program 4: Implement Strong Access Control Measures 5: Regularly Monitor and Test Networks 6: Maintain an Information Security Policy Requirement 1: Install and maintain a firewall configuration to Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 5: Protect all systems against malware and regularly update anti- virus software or programs Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 2: Do not use vendor- supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 6: Develop and maintain secure systems and applications Requirement 8: Identify and authenticate access to system components Requirement 11: Regularly test security systems and processes Requirement 9: Restrict physical access to cardholder data Validates Provides Supports
  • 5.
  • 6.
  • 7.
  • 8. Mistake #2 Periodic PCI Assessment
  • 9.
  • 10. Continuous Security and Compliance Lowers Cost Increases Efficiency Increases Security Reduces Risk
  • 11. Mistake #3 Applying only a PCI solution and not leveraging the product for Security
  • 12. Audit Change Enhanced File Integrity Monitoring Tripwire Enterprise Console Detection Engine Baseline Critical system, configuration & content files Change Change Change Assess Compliance Was it compliant?Was it authorized? Directory Services DesktopsFile Systems Network Devices Databases Hypervisors Applications