anx risk assessment tips webinar

Post on 24-Jan-2015

DESCRIPTION

PCI DSS Requirement 12.1.2 emphasizes a need for a formal risk assessment methodology. Utilizing a risk assessment within your organization can be very helpful when determining whether to implement new technologies or determining the next steps in your ongoing security process. A “set it and forget it” mentality is one of the biggest myths when it comes to Payment Card Industry Data Security Standard (PCI DSS) compliance. A recent study showed that only 37% of companies in 2010 regularly tested their security systems and processes. Unfortunately, this mindset creates the vulnerability that hackers seek out. A January 2012 report revealed:

• Only 21% of companies were PCI Compliant at their initial risk assessment
• Companies met an average of 78% of test procedures

This webinar will cover the process of implementing a Risk Assessment for your business and regularly capitalizing on the findings to create a secure environment and achieve PCI compliance. Learn how to take the first step in becoming PCI DSS compliant by eliminating the gaps in your company’s security that cyber criminals seek out.

TRANSCRIPT

Using a Risk Assessment to become PCI Compliant

CONFIDENTIAL | www.ANX.com | 4/20/2012 | © 2012 ANXeBusiness Corp. All rights reserved.

Logistics

All lines are in listen-only mode. We will answer questions at the end of the event. But feel free to ask questions at any time. A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at: www.anx.com

Every attendee receives a $5 Starbucks Gift Card

One attendee will receive a $50 Amazon.com Gift Certificate

All series attendees will be entered to win a Kindle Fire

THE THREE PILLARS OF PCI

Presenter

Mark A. Wayne, Executive Vice President

PCI DSS Requirements – the Digital Dozen

1. Install and maintain a firewall configuration to protect data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect Stored Data

4. Encrypt transmission of cardholder data and sensitive information across public networks

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security

12.1.2 Establish, publish, maintain, and disseminate a security policy that includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment

Definition

Risk As•sess•ment [risk uh-ses-muhnt]

1. Define the Environment

2. Identify Threats

3. Identify Vulnerabilities

4. Evaluate and Address Risk

Two Parts

Why is a Risk Assessment important?

Steps of a Risk Assessment

Define the Environment

Identify Threats

Identify Vulnerabilities

Evaluate and Address Risk

Level 4 Merchants the Target of Choice

Risk level by merchant level (chart): Level 4: 90%; Level 1-3: 10%

How do I conduct a Risk Assessment?

REQUIREMENTS

Identify and track regulations

Create an organized framework

Develop policies

Perform assessments

Prioritize deficiencies

Manage remediation activity

What can ANX do for me?

Managed Security

Data Breach Protection

PCI Support Remote Access

One Affordable Monthly Charge

E-mail us at waynem@anx.com

Call us 248-447-4050

Or visit us at www.facebook.com/anxebusiness

Drawing and Questions
