The right focus and the right language...
Lessons learned from 2012 and predictions for 2013
PCI London – 24th January 2013

Neira Jones
Senior Vice President Cybercrime, Centre for Strategic Cyberspace + Security Science
Head of Payment Security, Barclaycard

payment acceptance
The harsh reality...

2012 shows we have experienced 36% more data breaches than in 2011.
(source: datalossdb.org, 21st January 2013)
Payment card information represented 48% of all breaches in 2011, but unlike previous years, it was not a runaway winner. This may allow payment cards to retain the title of “most stolen”, but the title of “largest hauls” now belongs to the personal information variety, which includes name, e-mail, national IDs, etc. (95%). Authentication credentials were a close second (42%) in the current dataset.

Source: Verizon Data Breach Investigation Report 2012
It couldn’t possibly happen to me...
• 84% of organisations were notified of a breach by external entities (e.g. regulatory, law enforcement, third party or public).
• Within those 84%, attackers had an average of 174 days within the victim’s environment before detection occurred.
• The number of self-detected compromises decreased by 4% since 2010.
• Businesses that self-detected the breaches were able to identify the attackers’ infiltration 43 days on average after the initial compromise, or a quarter of the time that attackers would have had in the previous scenario.

Source: Verizon Data Breach Investigation Report 2012
What of 2013 then?...
Popular perception...
2013 Data Breach Predictions...

• Social Engineering
• Web Application Exploits (75% probability)
• Authentication Failures/ Attacks (90% probability)

Source: Verizon, December 2012 http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/0
What of 2013 then?...
The reality...

An organisation’s service provider could inadvertently increase the likelihood of a breach by failing to take appropriate actions or taking inappropriate ones.

Verizon believe that lost & stolen – and unencrypted – mobile devices will continue to far exceed hacks and malware. They also project that attacks on mobile devices by the criminal world will follow closely the push to mobile payments in the business & consumer world.

Targeted attacks from adversaries motivated by espionage & hacktivism will continue to occur, so “it’s critical to be watchful on this front.”

Large organisations tend to pride themselves on their security strategy and accompanying plans, but the reality is that a large business is less likely to discover a breach itself than to be notified by law enforcement. “And if you do discover it yourself,” Wade Baker said, “chances are it will be by accident.” He concluded, “Keep in mind that all of these breaches can still be an issue for enterprises. However, what we’re saying is that they’re over-hyped according to our historical data and are far less likely to factor into an organisation’s next breach than is commonly thought.”

Source: Verizon, December 2012 http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/0
Data breaches have become a statistical certainty and third party breaches continue to increase...
Information security is no longer just about deploying controls...
Effective incident response is a priority...
Social media usage has exacerbated exposure...
Cloud computing demand has increased risk...
Mobile/alternative payments have generated friction between Marketing & IT...
Regulations have become tougher...
For the first time in years, this 8% decline suggests that organisations represented in this study have improved their performance in both preparing for and responding to a data breach. As the findings reveal, fewer records are being lost in these breaches and there is less customer churn.

Source: Symantec, Cost of a Data Breach Study, United Kingdom, March 2012
Organisational factors...

Factors reducing the cost of a data breach
• Having a CISO with overall responsibility for enterprise data protection can reduce the average cost of a data breach by as much as £18 per compromised record.
• Containing the size of the breach and improving responsiveness can result in lower organisational costs by £7 per compromised record.
• Outside consultants assisting with the breach response can save as much as £11 per record.

Factors increasing the cost of a data breach
• Data breaches caused by third parties can increase the overall cost by £9 per compromised record.
• Data breaches resulting from lost/stolen devices can increase the overall cost by £6 per compromised record.

Source: Symantec, Cost of a Data Breach Study, United Kingdom, March 2012
What does this mean for the CIO?...
Arise, Sir Lancelot....
The CIO is going through a metamorphosis...

• Legal Expertise
• Corporate Finance
• Enterprise Data Management
• Partner/ IT Vendor Management
• IT Project Management
• IT Security & Compliance

MC Escher “Metamorphosis”
Source: www.searchcio.techtarget.com “Six ways the CIO job description is changing” November 2012
23rd February 2013: “the European Commission will propose a new obligation for security breach notifications for the energy, transport, banking and financial sectors,” said an official working at the Commission’s digital agenda department. It also confirmed plans to extend security breach notifications to new industries, other than telecommunication companies and internet firms which in Europe are already subject to reporting obligations.
What does this mean for the CISO?...
Multi-perspective & multi-disciplinary...

• Incident Preparedness
• Speaking The Language
• Continuous Monitoring
• Human Risks
• Third Party Risk Management
• Using GRC To Improve Business & IT Processes
• Getting Quantitative (Measure Performance)

MC Escher “Convexe & Concave”
Source: darkREADING, November 2012, 7 Risk Management Priorities For 2013
The global Mobile Device Management (MDM) enterprise software market is forecast to grow at a CAGR of 7.8% over the period 2010-2014. One of the key factors contributing to this market growth is the increasing need for enhanced mobile communication security.

The global mobile security market, projected to have reached $1.6 billion in 2012, is expected to continue its growth spike in 2013, according to a Visiongain report.
Mobile and social...

• As social media usage explodes, what are the risks?...
• As mobile device pervasiveness increases, so will the attacks...
• As mobile payment acceptance emerges, what are the security implications?...
• The monetisation of social networks introduces new risks...
• Social mobile payments?...
    • F-commerce
    • Shoppable videos
    • Pinterest...
Count down 2013...

Mobile
• mobile device attacks
• BYOD
• Mobile Device Management
• Mobile Payments
• Social Mobile Payments
• Mobile Payment Acceptance
• etc.

MC Escher “Crystal Ball”
Count down 2013...

Social Media
• Social Media Risk
• Social Media Engagement
• Social Media Servicing
• Marketing drive
• Finance pressure
• Alternative payments
• Monetisation of social networks
• Social Engineering
• New social platforms
• etc.
Count down 2013...

Laws & Regulations
• EU Data Protection Laws
• Disclosure Laws
• PCI DSS
• All Privacy Laws
• Cloud implications
• Legal Counsel
• Etc.
Count down 2013...

Incident Response
• 84% of organisations were notified of a breach by external entities.
• Containing the size of the breach and improving responsiveness can result in lower organisational costs by £7 per compromised record.
• etc.
Count down 2013...

Enterprise GRC
• Laws/ Regulations tracking
• Enterprise Asset Management
• Security & Compliance
• Automation
• Economies of scale
• Process efficiencies
• Continuous monitoring
• Performance measurement
• Finance KPIs
• New social platforms
• etc.
Count down 2013...

Third Parties
• Cloud security
• Big data
• Merchant agents
• Card scheme mandates
• Data breaches caused by third parties can increase the overall cost by £9 per compromised record.
• etc.
Count down 2013...

Authentication
• Credentials breaches
• Authentication failures
• Multi-factor authentication
• Identity & Access Management
• Behavioural analysis
• Fraud management
• etc.
Count down 2013...

Awareness & Education
• Having a CISO with overall responsibility for enterprise data protection can reduce the average cost of a data breach by as much as £18 per compromised record.
• Speaking the language (finance, law, marketing, business development, etc.)
• Human risks
• Data breaches resulting from lost/stolen devices can increase the overall cost by £6 per compromised record.
• 36% of breaches were due to negligence.
• Social engineering.
• etc.
Count down 2013...

Risk Management
• Corporate finance
• Regulations
• Existing risks
• Emerging risks
• Emerging technologies
• Business growth
• And everything else to deploy an effective and convergent business framework...
• etc.
Count down 2013...

Mobile
Social Media
Law/ Regulation
Incident Response
Governance, Risk & Compliance
Third Parties
Authentication
Awareness & Education
Risk Management
And don’t take my word for it...
“The John Lewis Partnership is proud to have been one of the first companies to join the Barclaycard Risk Reduction Programme as we take information security extremely seriously and for all our Partners reputational risk is paramount. The single most advantageous thing when we transitioned across to the BRRP was the desire of all parties (Barclaycard, IRM our QSA, and the Partnership as a whole) to bring judgement into play rather than just ticking boxes for ticking boxes’ sake. The end result is that we have a clear agreed remediation path which is fully endorsed by the executive board and which can show real return on investment for the Partnership, on-going security maturity for Barclaycard and a reduction in our security risk profile. I would encourage any company to fully explore the benefits of the BRRP and the risk based approach as a whole.”
Ben Farrell, Head of Operational Risk Management, John Lewis Partnership


“The Barclaycard Risk Reduction Programme is very applicable to the aggressive growth of Paddy Power. The BRRP process allows Paddy Power to reduce and control risk levels in an appropriate manner that also aligns with company growth and objectives. With this in mind we feel that this programme will result in Paddy Power becoming fully compliant with PCI DSS. Moreover, IT security and operational BAUs will ensure that PCI is permanently retained.”
Stephen Breen, IT Security Manager, Paddy Power


“The Barclaycard Risk Reduction Programme enabled TfL to conduct a standalone review of PCI-DSS risk across the organisation and identify the areas where both additional and less input were required. The structure of the programme makes it possible for TfL to work more closely with Barclaycard and to track business areas through to compliance.”
Nigel Tate, Treasury Manager, Transport for London
Join our LinkedIn Group...
Know your risk, educate, select the right partners, fix the basics first and be prepared…

Neira Jones
neira.jones@barclaycard.co.uk
http://uk.linkedin.com/pub/neira-jones/0/7a5/140
@neirajones
neirajones.blogspot.co.uk
http://pinterest.com/neirajones/
https://plus.google.com/110320990111565528559?prsrc=2
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
Malware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches:  Combatting the Biggest ThreatMalware & Data Breaches:  Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest ThreatChris Ross
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfProtected Harbor
 

Similar to Neira jones pci london january 2013 pdf ready (20)

Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptx7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptx
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
Sept 2012 data security & cyber liability
Sept 2012   data security & cyber liabilitySept 2012   data security & cyber liability
Sept 2012 data security & cyber liability
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
Cloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityCloud Computing: New Approaches for Security
Cloud Computing: New Approaches for Security
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of Cybersecurity
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survival
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORT
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xg
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
Malware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches:  Combatting the Biggest ThreatMalware & Data Breaches:  Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest Threat
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
 

More from Neira Jones

EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0Neira Jones
 
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Neira Jones
 
Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourtNeira Jones
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Neira Jones
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementNeira Jones
 
EMV US whitepaper Bell ID
EMV US whitepaper Bell IDEMV US whitepaper Bell ID
EMV US whitepaper Bell IDNeira Jones
 
Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Neira Jones
 
Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Neira Jones
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Neira Jones
 

More from Neira Jones (9)

EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0EPA White Paper - Protecting us from the storm v1-0
EPA White Paper - Protecting us from the storm v1-0
 
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
Mobile Money For The Bottom of The Pyramid... Serving the unbanked...
 
Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourt
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk Management
 
EMV US whitepaper Bell ID
EMV US whitepaper Bell IDEMV US whitepaper Bell ID
EMV US whitepaper Bell ID
 
Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11
 
Sc World Congress Econference March 2011
Sc World Congress Econference March 2011Sc World Congress Econference March 2011
Sc World Congress Econference March 2011
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11
 

Recently uploaded

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 

Recently uploaded (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 

Neira jones pci london january 2013 pdf ready

  • 1. The right focus and the right language... Lessons learned from 2012 and predictions for 2013 PCI London – 24th January 2013 Neira Jones Senior Vice President Cybercrime Centre for Strategic Cyberspace + Security Science Head of Payment Security Barclaycard payment acceptance
  • 2. The harsh reality... 2012 shows we have experienced 36% more data breaches than in 2011. (source datalossdb.org 21st January 2013) payment acceptance PCI London – 24th January 2013 2
  • 3. Payment card information represented 48% of all breaches in 2011, but unlike previous years, it was not a runaway winner. This may allow payment cards to retain the title of “most stolen”, but the title of “largest hauls” now belongs to the personal information variety, which includes name, e-mail, national IDs, etc. (95%). Authentication credentials were a close second at 42% in the current dataset. Source: Verizon Data Breach Investigation Report 2012
  • 4. It couldn’t possibly happen to me...
    • 84% of organisations were notified of a breach by external entities (e.g. regulatory, law enforcement, third party or public).
    • Within those 84%, attackers had an average of 174 days within the victim’s environment before detection occurred.
    • The number of self-detected compromises decreased by 4% since 2010.
    • Businesses that self-detected the breaches were able to identify the attackers’ infiltration 43 days on average after the initial compromise, or a quarter of the time that attackers would have had in the previous scenario.
    Source: Verizon Data Breach Investigation Report 2012
  • 5. What of 2013 then?... Popular perception...
  • 6. 2013 Data Breach Predictions... Social Engineering; Web Application Exploits (75% probability); Authentication Failures/ Attacks (90% probability). Source: Verizon, December 2012 http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/0
  • 7. (image slide, no text extracted)
  • 8. (image slide, no text extracted)
  • 9. (image slide, no text extracted)
  • 10. What of 2013 then?... The reality... An organisation’s service provider could inadvertently increase the likelihood of a breach by failing to take appropriate actions or taking inappropriate ones. Verizon believe that lost & stolen – and unencrypted – mobile devices will continue to far exceed hacks and malware. They also project that attacks on mobile devices by the criminal world will follow closely the push to mobile payments in the business & consumer world. Targeted attacks from adversaries motivated by espionage & hacktivism will continue to occur, so “it’s critical to be watchful on this front.” Source: Verizon, December 2012 http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/0
  • 11. What of 2013 then?... The reality... (same slide as 10, with the following quotation overlaid) Large organisations tend to pride themselves on their security strategy and accompanying plans, but the reality is that a large business is less likely to discover a breach itself than to be notified by law enforcement. “And if you do discover it yourself,” Wade Baker said, “chances are it will be by accident.” He concluded, “Keep in mind that all of these breaches can still be an issue for enterprises. However, what we’re saying is that they’re over-hyped according to our historical data and are far less likely to factor into an organisation’s next breach than is commonly thought.” Source: Verizon, December 2012 http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/0
  • 12.
    • Data breaches have become a statistical certainty and third party breaches continue to increase...
    • Information security is no longer just about deploying controls...
    • Effective incident response is a priority...
    • Social media usage has exacerbated exposure...
    • Cloud computing demand has increased risk...
    • Mobile/alternative payments have generated friction between Marketing & IT...
    • Regulations have become tougher...
  • 13. (chart, no text extracted) Source: Symantec, Cost of a Data Breach Study, United Kingdom, March 2012
  • 14. For the first time in years, this 8% decline suggests that organisations represented in this study have improved their performance in both preparing for and responding to a data breach. As the findings reveal, fewer records are being lost in these breaches and there is less customer churn. Source: Symantec, Cost of a Data Breach Study, United Kingdom, March 2012
  • 15. Organisational factors...
    Factors reducing the cost of a data breach
    • Having a CISO with overall responsibility for enterprise data protection can reduce the average cost of a data breach by as much as £18 per compromised record.
    • Containing the size of the breach and improving responsiveness can result in lower organisational costs by £7 per compromised record.
    • Outside consultants assisting with the breach response can save as much as £11 per record.
    Factors increasing the cost of a data breach
    • Data breaches caused by third parties can increase the overall cost by £9 per compromised record.
    • Data breaches resulting from lost/stolen devices can increase the overall cost by £6 per compromised record.
    Source: Symantec, Cost of a Data Breach Study, United Kingdom, March 2012
  • 16. What does this mean for the CIO?...
  • 17. Arise, Sir Lancelot.... The CIO is going through a metamorphosis... (image: MC Escher “Metamorphosis”)
    • Legal Expertise
    • Corporate Finance
    • Enterprise Data Management
    • Partner/ IT Vendor Management
    • IT Project Management
    • IT Security & Compliance
    Source: www.searchcio.techtarget.com “Six ways the CIO job description is changing”, November 2012
  • 18. (image slide, no text extracted)
  • 19. 23rd February 2013: “the European Commission will propose a new obligation for security breach notifications for the energy, transport, banking and financial sectors,” said an official working at the Commission’s digital agenda department. It also confirmed plans to extend security breach notifications to new industries, other than telecommunication companies and internet firms which in Europe are already subject to reporting obligations.
  • 20. What does this mean for the CISO?...
  • 21. Multi-perspective & multi-disciplinary... (image: MC Escher “Convexe & Concave”)
    • Incident Preparedness
    • Speaking The Language
    • Continuous Monitoring
    • Human Risks
    • Third Party Risk Management
    • Using GRC To Improve Business & IT Processes
    • Getting Quantitative (Measure Performance)
    Source: darkREADING, November 2012, 7 Risk Management Priorities For 2013
  • 22. The global Mobile Device Management (MDM) enterprise software market is forecast to grow at a CAGR of 7.8% over the period 2010-2014. One of the key factors contributing to this market growth is the increasing need for enhanced mobile communication security. The global mobile security market, projected to have reached $1.6 billion in 2012, is expected to continue its growth spike in 2013, according to a Visiongain report.
  • 23. Mobile and social...
    • As social media usage explodes, what are the risks?...
    • As mobile device pervasiveness increases, so will the attacks...
    • As mobile payment acceptance emerges, what are the security implications?...
    • The monetisation of social networks introduces new risks...
    • Social mobile payments?...
    • F-commerce
    • Shoppable videos
    • Pinterest...
  • 24. (image slide, no text extracted)
  • 25. Count down 2013... Mobile (image: MC Escher “Crystal Ball”)
    • mobile device attacks
    • BYOD
    • Mobile Device Management
    • Mobile Payments
    • Social Mobile Payments
    • Mobile Payment Acceptance
    • etc.
  • 26. Count down 2013... Social Media (image: MC Escher “Crystal Ball”)
    • Social Media Risk
    • Social Media Engagement
    • Social Media Servicing
    • Marketing drive
    • Finance pressure
    • Alternative payments
    • Monetisation of social networks
    • Social Engineering
    • New social platforms
    • etc.
  • 27. Count down 2013... Laws & Regulations (image: MC Escher “Crystal Ball”)
    • EU Data Protection Laws
    • Disclosure Laws
    • PCI DSS
    • All Privacy Laws
    • Cloud implications
    • Legal Counsel
    • Etc.
  • 28. Count down 2013... (image: MC Escher “Crystal Ball”; no further text extracted)
  • 29. Count down 2013... (image: MC Escher “Crystal Ball”; no further text extracted)
  • 30. Count down 2013... Incident Response (image: MC Escher “Crystal Ball”)
    • 84% of organisations were notified of a breach by external entities.
    • Containing the size of the breach and improving responsiveness can result in lower organisational costs by £7 per compromised record.
    • etc.
  • 31. Count down 2013... Enterprise GRC (image: MC Escher “Crystal Ball”)
    • Laws/ Regulations tracking
    • Enterprise Asset Management
    • Security & Compliance
    • Automation
    • Economies of scale
    • Process efficiencies
    • Continuous monitoring
    • Performance measurement
    • Finance KPIs
    • New social platforms
    • etc.
  • 32. Count down 2013... Third Parties (image: MC Escher “Crystal Ball”)
    • Cloud security
    • Big data
    • Merchant agents
    • Card scheme mandates
    • Data breaches caused by third parties can increase the overall cost by £9 per compromised record.
    • etc.
  • 33. Count down 2013... Authentication (image: MC Escher “Crystal Ball”)
    • Credentials breaches
    • Authentication failures
    • Multi-factor authentication
    • Identity & Access Management
    • Behavioural analysis
    • Fraud management
    • etc.
  • 34. Count down 2013... Awareness & Education (image: MC Escher “Crystal Ball”)
    • Having a CISO with overall responsibility for enterprise data protection can reduce the average cost of a data breach by as much as £18 per compromised record.
    • Speaking the language (finance, law, marketing, business development, etc.)
    • Human risks
    • Data breaches resulting from lost/stolen devices can increase the overall cost by £6 per compromised record.
    • 36% of breaches were due to negligence.
    • Social engineering.
    • etc.
• 35. Count down 2013... Risk Management • Corporate finance • Regulations • Existing risks • Emerging risks • Emerging technologies • Business growth • And everything else needed to deploy an effective and convergent business framework... • etc.
• 36. Count down 2013... • Mobile • Social Media • Law/Regulation • Incident Response • Governance, Risk & Compliance • Third Parties • Authentication • Awareness & Education • Risk Management
• 37. And don’t take my word for it...
• 39. “The John Lewis Partnership is proud to have been one of the first companies to join the Barclaycard Risk Reduction Programme, as we take information security extremely seriously and for all our Partners reputational risk is paramount. The single most advantageous thing when we transitioned across to the BRRP was the desire of all parties (Barclaycard, IRM our QSA, and the Partnership as a whole) to bring judgement into play rather than just ticking boxes for ticking boxes’ sake. The end result is that we have a clear, agreed remediation path which is fully endorsed by the executive board and which can show real return on investment for the Partnership, on-going security maturity for Barclaycard and a reduction in our security risk profile. I would encourage any company to fully explore the benefits of the BRRP and the risk-based approach as a whole.”
Ben Farrell, Head of Operational Risk Management, John Lewis Partnership
“The Barclaycard Risk Reduction Programme is very applicable to the aggressive growth of Paddy Power. The BRRP process allows Paddy Power to reduce and control risk levels in an appropriate manner that also aligns with company growth and objectives. With this in mind we feel that this programme will result in Paddy Power becoming fully compliant with PCI DSS. Moreover, IT security and operational BAUs will ensure that PCI is permanently retained.”
Stephen Breen, IT Security Manager, Paddy Power
“The Barclaycard Risk Reduction Programme enabled TfL to conduct a standalone review of PCI-DSS risk across the organisation and identify the areas where both additional and less input were required. The structure of the programme makes it possible for TfL to work more closely with Barclaycard and to track business areas through to compliance.”
Nigel Tate, Treasury Manager, Transport for London
• 40. Join our LinkedIn Group...
• 41. Know your risk, educate, select the right partners, fix the basics first and be prepared… Neira Jones • neira.jones@barclaycard.co.uk • http://uk.linkedin.com/pub/neira-jones/0/7a5/140 • @neirajones • neirajones.blogspot.co.uk • http://pinterest.com/neirajones/ • https://plus.google.com/110320990111565528559?prsrc=2