PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
Post on 15-Jul-2015
“Total Global Impact of CyberCrime US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.” - Europol Serious & Organised Threat Assessment 2013
IT security is no longer a trivial issue and is now becoming part of a company’s boardroom discussion.
PCI DSS 3.0
How Secure Is Your Cardholder Data?
How To Protect
Identify & Value Key Assets
Recommendation: Have meetings with Application Developers, Networking and Security teams to understand and document current state and communicate expectations. Use some type of discovery tool to aid your inventory work.
Recommendation: Vulnerability scanning and security configuration assessments can validate mitigations. Tripwire’s solutions produce audit-ready reporting, including a special PCI 3.0 Reporting Pak we have available to our Log Center customers.
Recommendation: Centrally manage (discover, monitor, report, log) your wireless infrastructure to get visibility early for PCI (ASV)
Monitor & Respond
Recommendation: Work across development and IT operations to clearly define access rights based on consistent roles and business purpose. Divide the work into business units for clearer ownership as well as executive support.
Ponemon Risk-Based Security - Only 34% of the retail sector measures the reduction in access and authentication violations to assess risk management efforts
Verizon’s 2014 PCI Compliance Report shows that 64.4% of accounts with access to cardholder data failed to restrict access to just one user — limiting traceability and increasing security risk.
Security Awareness Training
95% of Breaches Were Due to “Human Error” - IBM
90% of Malware Requires Human Interaction - Symantec
100% of Successful Attacks Compromised The Human - Mandiant
64% of Orgs See Security Awareness As a Challenge - E&Y 2010
3 times as many breaches are caused by accidental insider activity as by malicious intent - Open Security Foundation
The Human Element
How Secure Is Your Provider?
Business Context – connect your security efforts to what matters to your business
Security Automation – apply intelligence and drive automation for more effective operations
Enterprise Integration – across our portfolio and also with other security ecosystem partner solutions
http://www.tripwire.com/securescan/
tripwire.com | @TripwireInc
@BrianHonan