PCI - It's an Open Book Test


By Mark D. Gelhardt, Sr. PCIP, C|CIO, CISM, PMP, ITIL, CC

mark@gelhardt.com

7/22/2016

Why should you care about PCI compliance?

PCI compliance can be hard – so what are you doing to improve, year over year?

How are you using PCI to make your company more secure (not just compliant)?


Credit cards are the primary target: of the ten breaches listed, 2 were at payment processors and 5 were stolen credit cards at retailers.


Application

•Application owners don't know their own app set-up

•What servers the apps are on, what IPs

•In the cloud or not

Complex IT Environments

•No true asset management system

•Your company doesn't even know its own full network

•Network not segmented well, stuff all over the place

Business Needs

•Business wants fast-paced change

•New products more than they want security

Compliance changes

•Ever-changing PCI compliance requirements - v3.2

•What's next in compliance, privacy, EU Safe Harbor??


Gap item – remediation

Projects – to fix items

Budget/Money to become compliant

Monthly reviews of PCI items

Company focuses on compliance at least annually


Project Plan – Time Line

Scope - Executive Summary

Data Flow Diagrams

Third Party Service Providers

SME Meetings – several


Time

•Two weeks for iRoC

•Two weeks for QSA QA review

•Two weeks for VISA review

Scope

•Take your time to research your CDE

•Use your Data Flow diagram discussions

•Use SME interviews

Data Flow Diagrams

•SME interviews

•Research your own system/enterprise

Subject Matter Experts

•SME prep-interviews – prior to assessment

•SME Data Flow interviews

•Sit in on QSA assessment with SME


Recommended

•Planning: Project Plan – prior planning works

•Monthly: Do PCI stuff monthly – don't wait until the annual assessment

•SMEs: Get the SMEs involved early and often

•Teamwork: You can't do it all yourself – use the networking team, the apps team, SMEs

•Security: PCI compliance isn't security – but it can sure help improve your systems

•Get out of your Box: Help your company – get out of your box – do more than compliance