Benvenuto in Scribd!

Salta carosello

PCI Presentation by Carl Terrantroy

Caricato da

Carl Terrantroy

Il 0% ha trovato utile questo documento (0 voti)

298 visualizzazioni23 pagine

This presentation covers the 12 PCI requirements and how the relate to real day to day challenges within IT.

Copyright

Formati disponibili

PPT, PDF o leggi online da Scribd

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Segnala questo documento

This presentation covers the 12 PCI requirements and how the relate to real day to day challenges within IT.

Copyright:

Formati disponibili

Scarica in formato PPT, PDF o leggi online su Scribd

Segnala contenuti inappropriati

Il 0% ha trovato utile questo documento (0 voti)

298 visualizzazioni23 pagine

PCI Presentation by Carl Terrantroy

Caricato da

Carl Terrantroy

This presentation covers the 12 PCI requirements and how the relate to real day to day challenges within IT.

Copyright:

Formati disponibili

Scarica in formato PPT, PDF o leggi online su Scribd

Segnala contenuti inappropriati

Salta alla pagina

Sei sulla pagina 1di 23

Cerca all'interno del documento

<Insert Picture Here>

Security Payment Card Industry (PCI) Compliance

Carl Terrantroy
Directory Technology GTMi’s ANZ
Oracle PCI Review

1
3 Guiding Principles

2
12 PCI Requirements

3
Action plan
Access Control
Provides merchants with a single source
for valid user identification.
External

Internal
SOA Apps Customers Partners IT Staff Employees SOA Apps

Access Identity
Auditing Management Administration Monitoring
and and
Reporting Directory Identity Management
Services Provisioning

Applications Systems & Repositories

SCM ERP CRM OS (Unix) HR Mainframe NOS/Directories

Data Privacy Control

Protect data
at all levels:
Network,
Decryption Encryption
application
database and
storage.
Encrypted
Data on
Backup Media
Compliance Control
Automation and enforcement of access
policies, software maintenance and
business process’s

Gather Model Reconcile Enforce Audit

Recipient Policy

Recipient Policy
12 PCI Requirements

Discuss
Oracle Solution
Requirements
Footprint
Detail

Why its important to

= address these
requirements
Requirement 1

Install and maintain aEnterprise

firewall Manager
Audit Vault
configuration to protect cardholder data

Monitor software version

= Centralise log files
Requirement 2

Do not use vendor

Enterprise Manager
supplied defaults
Data Vault
for passwords

Provides checks
= Password management
Requirement 3

Protect stored TDE

cardholder ASO
data Secure Backup

In session

= At rest on disk
On tape backups
Requirement 4

Application
Encrypt transmission of cardholderServer
data
TDE
across open public networks

Wireless security
= Data in motion protection
Requirement 5

Maintain a GRC Manager

vulnerability Partner
program

ITIL / Cobit alignment

= Services
Requirement 6

Develop and maint. Enterprise Manager

secure systems Change Management
and applications Application Manager

Automate patching

= Evaluate DB changes
Monitor applications
Requirement 7

Restrict access to Label Security

Cardholder data by Access Manager
need to know eSSO

Protect Data Source

= Automate manual process

Desktop Single Sign On
Requirement 8

Assign a unique id Access Manager

to each person Identity Manager
with access EUS

Consistent access

= Automate on / off boarding

Cetralised access
Requirement 9

Restrict physical Identity Manager

access to card Data Vault
holder data Adaptive Access

Logical = physical access

= Harden credentials
Continuous monitoring
Requirement 10

Track and monitor Access Manager

all access to Identity Manager
resources and data Audit Vault

Application access

= Verify and test access policy

Secure audit data
Requirement 11

Regularly test Control Manager

security systems Identity Manager
and processes Enterprise Manager

Test Internal Controls

= Attestation
Secure audit data
Requirement 12

Maintain a policy that addresses

information security

= Partner services
PCI Suite
1 2 3 4 5 6 7 8 9 10 11
Identity Manager
   
IDM
Access Manager   
eSSO 
Suite
Virtual Directory 
Adaptive Access 
Data Vault
DB
Audit Vault 




Security
ASO   
Secure Backup 
Options
Enterprise Manager   
Summary

#1 Encryption

#2 User access

Foundation for GRC V2.0

Next Steps
1
Schedule Security PCI Review
2
Prioritize and define the remediation
plan for solution
– What’s the greatest risk
– Gains vs. effort
– Re use for other projects

3
Feedback Forms
Q&
A

Potrebbero piacerti anche

CISSP Fast Track Master: CISSP Essentials for Exam Success - Exam Cram Notes: 1st Edition - 2024
Da Everand
CISSP Fast Track Master: CISSP Essentials for Exam Success - Exam Cram Notes: 1st Edition - 2024
VERSAtile Reads
Nessuna valutazione finora
DS SecureSphere PCI
Documento7 pagine
DS SecureSphere PCI
Yeruel Birku
Nessuna valutazione finora
Mastering System Center Configuration Manager
Da Everand
Mastering System Center Configuration Manager
Vangel Krstevski
Nessuna valutazione finora
4pt0308 2
Documento47 pagine
4pt0308 2
sa9317982
Nessuna valutazione finora
Teradata InfoSec Slides Defense in Depth Best Practices Pres December 2011 - FINAL
Documento134 pagine
Teradata InfoSec Slides Defense in Depth Best Practices Pres December 2011 - FINAL
Miguel Chia
Nessuna valutazione finora
Chapter 16 IT Controls Part II Security and Access
Documento41 pagine
Chapter 16 IT Controls Part II Security and Access
Gazelem Zeryne Agoot
Nessuna valutazione finora
1.1 - Introduction and Technical Overview - Presentation
Documento27 pagine
1.1 - Introduction and Technical Overview - Presentation
Mohannad Dawoud
Nessuna valutazione finora
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Documento59 pagine
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Carl Terrantroy
Nessuna valutazione finora
Clinical Data Management Best Practices
Documento5 pagine
Clinical Data Management Best Practices
mail4syed
Nessuna valutazione finora
PCI DSS ComplianceWithout The Headache
Documento10 pagine
PCI DSS ComplianceWithout The Headache
Ahmed A
100% (1)
Alestra Maipark 2017 Old
Documento25 pagine
Alestra Maipark 2017 Old
endahnuftapia
Nessuna valutazione finora
Ensuring Database Compliance With Real-Time Database Monitoring, Security & Auditing
Documento39 pagine
Ensuring Database Compliance With Real-Time Database Monitoring, Security & Auditing
mohitsport
Nessuna valutazione finora
02 - AFA - PPT - Unit 5
Documento38 pagine
02 - AFA - PPT - Unit 5
tfknr
Nessuna valutazione finora
Group 6-Log Management & Review Policy
Documento43 pagine
Group 6-Log Management & Review Policy
Gattu Giridhar
Nessuna valutazione finora
CISA Exam Prep Domain 4 - 2019
Documento148 pagine
CISA Exam Prep Domain 4 - 2019
poornima24
Nessuna valutazione finora
PCI Slides Merged
Documento161 pagine
PCI Slides Merged
Chan espina
Nessuna valutazione finora
PCI Slides
Documento97 pagine
PCI Slides
Jorge L. Merchán
100% (1)
DLP
Documento30 pagine
DLP
Harish Jain
Nessuna valutazione finora
Symantec Privileged Access Management: Product Brief
Documento3 pagine
Symantec Privileged Access Management: Product Brief
Ko Ko Aung
Nessuna valutazione finora
Whitepaper - Vormetric Data Security Platform
Documento8 pagine
Whitepaper - Vormetric Data Security Platform
gastonpantana
Nessuna valutazione finora
Desktop Central It Admin
Documento22 pagine
Desktop Central It Admin
support lantai5
Nessuna valutazione finora
Achieving PCI DSS Compliance With Thales Data Protection White Paper
Documento21 pagine
Achieving PCI DSS Compliance With Thales Data Protection White Paper
Minh Quang Intercom Vietnam
Nessuna valutazione finora
Oracle Database Security Solutions
Documento43 pagine
Oracle Database Security Solutions
myfriend2me
Nessuna valutazione finora
2022 Qatar CSF Mapping Guide - ID
Documento27 pagine
2022 Qatar CSF Mapping Guide - ID
Ajmul India
Nessuna valutazione finora
Sailpoint Predictive Identity Platform
Documento30 pagine
Sailpoint Predictive Identity Platform
Puja Devkan
Nessuna valutazione finora
Miller Auditing
Documento52 pagine
Miller Auditing
Syed Nouman
Nessuna valutazione finora
PCI DSS-Payment Card Industry Data Security Standard: Alfredo Valenza Master Principal Sales Consultant - Oracle Italia
Documento43 pagine
PCI DSS-Payment Card Industry Data Security Standard: Alfredo Valenza Master Principal Sales Consultant - Oracle Italia
AhmedAliyev
Nessuna valutazione finora
Copie de CIS-RAM-Workbook-Version-1.0.a-cc
Documento543 pagine
Copie de CIS-RAM-Workbook-Version-1.0.a-cc
Razik Haddad
Nessuna valutazione finora
Data Encryption 101: A Pragmatic Approach To PCI Compliance: Securosis, L.L.C. 1
Documento13 pagine
Data Encryption 101: A Pragmatic Approach To PCI Compliance: Securosis, L.L.C. 1
Ramón Antonio Parada
Nessuna valutazione finora
Session 9-10 PDF
Documento26 pagine
Session 9-10 PDF
rajesh shekar
Nessuna valutazione finora
Comparison of PCI DSS and ISO IEC 27001 Standards Joa Eng 0116
Documento5 pagine
Comparison of PCI DSS and ISO IEC 27001 Standards Joa Eng 0116
penumudi233
Nessuna valutazione finora
MDM MSP Presentation
Documento25 pagine
MDM MSP Presentation
aforabad
Nessuna valutazione finora
BeyondTrust Password Safe External Presentation
Documento32 pagine
BeyondTrust Password Safe External Presentation
Anonymous H5wWCh
Nessuna valutazione finora
PCI DSS Policies and Procedures
Documento38 pagine
PCI DSS Policies and Procedures
justforfun2009
Nessuna valutazione finora
Exploring Identity and Access Solutions
Documento28 pagine
Exploring Identity and Access Solutions
Feijao Rb
Nessuna valutazione finora
Compliance, Data and Identity Protection
Documento48 pagine
Compliance, Data and Identity Protection
Ecaterina Stan
100% (1)
1 PT 250308
Documento29 pagine
1 PT 250308
sa9317982
Nessuna valutazione finora
7 IAM Must-Haves To Reduce Your Cyber Insurance Premium
Documento40 pagine
7 IAM Must-Haves To Reduce Your Cyber Insurance Premium
Jayavignesh Zoho
Nessuna valutazione finora
CIS RAM Workbook Version CC
Documento551 pagine
CIS RAM Workbook Version CC
Ignacio Lanseros
Nessuna valutazione finora
Viva IT Exposure
Documento12 pagine
Viva IT Exposure
mgt2019007
Nessuna valutazione finora
PCI-DSS and Crypto Key Management:: White Paper
Documento10 pagine
PCI-DSS and Crypto Key Management:: White Paper
Pramav
Nessuna valutazione finora
Desktop Central It MGR
Documento12 pagine
Desktop Central It MGR
indabhar
Nessuna valutazione finora
Brochure Operational Intelligence
Documento6 pagine
Brochure Operational Intelligence
Cristian Gonzalo Mansilla
Nessuna valutazione finora
ISMS Awareness Training - v2.6
Documento26 pagine
ISMS Awareness Training - v2.6
Naveenchdr
0% (1)
Add Structure and Credibility To Your Security Portfolio With CIS Controls v8 Cybersecurity Framework
Documento55 pagine
Add Structure and Credibility To Your Security Portfolio With CIS Controls v8 Cybersecurity Framework
Lâm Hữu Tiến
Nessuna valutazione finora
CIS Controls v8 Mapping To PCI v3.2.1 Final 08-19-2021
Documento113 pagine
CIS Controls v8 Mapping To PCI v3.2.1 Final 08-19-2021
Ramon Alvarez
Nessuna valutazione finora
Information Systems Audit Report: Presented by - Sanjiv Arora, Cisa, Cism, Cgeit
Documento15 pagine
Information Systems Audit Report: Presented by - Sanjiv Arora, Cisa, Cism, Cgeit
delhi guy
Nessuna valutazione finora
Azure Key Vault and Automated Deployment
Documento37 pagine
Azure Key Vault and Automated Deployment
gkathiravan
Nessuna valutazione finora
PPPP Presentation
Documento14 pagine
PPPP Presentation
Harsha K
Nessuna valutazione finora
Chapter 1 Information Security Governance Final
Documento84 pagine
Chapter 1 Information Security Governance Final
dgeeklord
Nessuna valutazione finora
Building Security Operation Center
Documento37 pagine
Building Security Operation Center
Muhdir Hisyam Abdul Karim
100% (1)
Pci-Dss 4.0
Documento13 pagine
Pci-Dss 4.0
phiphibk5
Nessuna valutazione finora
Check Point Identity Awareness Datasheet
Documento3 pagine
Check Point Identity Awareness Datasheet
Alejandro Flores
Nessuna valutazione finora
Channel Cast
Documento29 pagine
Channel Cast
nicolepetrescu
Nessuna valutazione finora
79 Guide To Cybersecurity Framework - Become Cyber Resilient
Documento16 pagine
79 Guide To Cybersecurity Framework - Become Cyber Resilient
botnet.inbox
Nessuna valutazione finora
Enhanced Security Admin Environment Solution Datasheet (En)
Documento2 pagine
Enhanced Security Admin Environment Solution Datasheet (En)
Mohammed Mojo
Nessuna valutazione finora
Module 01 - Summary of IT Security Compliance Solutions
Documento8 pagine
Module 01 - Summary of IT Security Compliance Solutions
Kenyan youth
Nessuna valutazione finora
Lecture 4 - Cloud Security
Documento20 pagine
Lecture 4 - Cloud Security
mba20238
Nessuna valutazione finora
CC-DBMS Security080305
Documento4 pagine
CC-DBMS Security080305
Mohamed Hassan Mohamed 171-15-9224
Nessuna valutazione finora
Information Technology: Aso U İ
Documento25 pagine
Information Technology: Aso U İ
Hikmət Şıxəliyev
Nessuna valutazione finora
Perth Case Study
Documento39 pagine
Perth Case Study
Carl Terrantroy
Nessuna valutazione finora
Business Driven Automation
Documento8 pagine
Business Driven Automation
Carl Terrantroy
Nessuna valutazione finora
Your Path To Cloud Computing: Carl Terrantroy Senior Director National Business Units
Documento30 pagine
Your Path To Cloud Computing: Carl Terrantroy Senior Director National Business Units
Carl Terrantroy
Nessuna valutazione finora
Mel Case Study
Documento26 pagine
Mel Case Study
Carl Terrantroy
Nessuna valutazione finora
Cent Report HSF Presentation - PDF Version
Documento7 pagine
Cent Report HSF Presentation - PDF Version
Carl Terrantroy
Nessuna valutazione finora
Best Practices in Budgeting and Forecasting: Oracle Thought Leaders Series September 2008
Documento15 pagine
Best Practices in Budgeting and Forecasting: Oracle Thought Leaders Series September 2008
Carl Terrantroy
100% (1)
Brisbane Case Study
Documento33 pagine
Brisbane Case Study
Carl Terrantroy
Nessuna valutazione finora
DTT RBAC Presentation 20080724
Documento41 pagine
DTT RBAC Presentation 20080724
Carl Terrantroy
100% (4)
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Documento59 pagine
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Carl Terrantroy
Nessuna valutazione finora
Sydney Case Study
Documento19 pagine
Sydney Case Study
Carl Terrantroy
Nessuna valutazione finora
Data Security: Tech Summit 08 Carl Terrantroy Directory Gtmi Technology Anz
Documento6 pagine
Data Security: Tech Summit 08 Carl Terrantroy Directory Gtmi Technology Anz
Carl Terrantroy
Nessuna valutazione finora
Window of Opportunity - PCI DSS Briefing External
Documento7 pagine
Window of Opportunity - PCI DSS Briefing External
Carl Terrantroy
Nessuna valutazione finora
PCI Marketing Event MEL SYD BRIS
Documento24 pagine
PCI Marketing Event MEL SYD BRIS
Carl Terrantroy
Nessuna valutazione finora
Lowering The Cost of Data Center Management
Documento45 pagine
Lowering The Cost of Data Center Management
Carl Terrantroy
Nessuna valutazione finora
Oracle Role Management Business Level
Documento16 pagine
Oracle Role Management Business Level
Carl Terrantroy
100% (1)
How Oracle Saved A Billion Dollars - The IT Story
Documento44 pagine
How Oracle Saved A Billion Dollars - The IT Story
Carl Terrantroy
100% (1)
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Documento59 pagine
Oracle Security Solutions: Carl Terrantroy Director Technology Initiatives ANZ
Carl Terrantroy
Nessuna valutazione finora
Session 3 Enabling and Securing WEB 2 0 Applications by Antony Krilis - Agreon
Documento27 pagine
Session 3 Enabling and Securing WEB 2 0 Applications by Antony Krilis - Agreon
Carl Terrantroy
Nessuna valutazione finora
Session 4 Content Management For WEB 2 0 by Phil Hoppe - Astral
Documento56 pagine
Session 4 Content Management For WEB 2 0 by Phil Hoppe - Astral
Carl Terrantroy
Nessuna valutazione finora
Session 1 Oracle Portal Usability and Accessibility For WEB 2 0 Applications by Allan Jansen - UberConsult
Documento21 pagine
Session 1 Oracle Portal Usability and Accessibility For WEB 2 0 Applications by Allan Jansen - UberConsult
Carl Terrantroy
100% (1)