PCI DSS compliance monitoring software

Information about PCI DSS compliance monitoring software

Published on August 18, 2008

Author: oguntala

Source: authorstream.com

Content

Slide 1: PCI monitoring tool
An end to end capture of PCI requirements. Riesgo Risk Management.

Slide 2: Contents
The PCI life cycle; current situation; mapping of PCI requirements; PCI compliance tool: project assessment; PCI compliance tool: asset assessment; PCI compliance: dashboard; the plan; operation end to end monitoring; PCI project elements.

Slide 3: The PCI cycle
[Diagram labels: Online shops, 3rd party, Fraud monitoring]
The aim of the PCI compliance tool is to assist the FRS P&SS team and other FRS departments in the assurance assessment of PCI-related projects, and to provide ongoing post-implementation monitoring of PCI projects that we have given a clean bill of health. As PCI breaches are equally fraudulent activities, we are equally concerned with the project initiation phase and the in-flight phase of the project. Operationally, where breaches of PCI occur, the tool will notify the PCI team and the relevant security team in real time; impacted assets will be highlighted in real time to prevent continued usage until the risk is mitigated.

Slide 4: Project with PCI impact; current situation
Highlighted in the FRS P&SS FRS survey: from management approval, the project manager submits the FRS survey, which indicates whether or not the project will impact PCI.
FRS P&SS BIA: Data security, Technical security, Data protection and Legal each assess the project, and their assessments combine into the BIA result. Any adverse feedback from the departments results in a negative BIA result.
Current problem: we have no concurrent or consolidated view of these departments' assessments, and when we look at the project retrospectively it can be slow to find the unequivocal truth relating to the project. Further complication occurs when there is a change to the project, or a reversal.
Current situation: the project goes live with no visibility of the risks. When in flight, part of the PCI assessment often requires contemporary integrity of the assets being used.

Slide 5: Mapping of the 12 PCI requirements to the PCI compliance tool
Tool elements: logs from firewalls; IS policies and procedures; project and asset BIA; project and asset compliance; encryption policy; access control policy; asset vs. AV status; system and application security; access control to cardholder assets; unique ID policy; access control breaches to cardholder assets; security systems and processes assessment; ISMS forum.
[Diagram: each element is annotated with the PCI DSS requirement numbers it evidences]

Slide 6: PCI compliance tool: project assessment
[Diagram: the project BIA (Data security, Technical security, Data protection, Legal; BIA result) and the tool elements from slide 5 feed the PCI Db; outputs to the Risk Register and RAF]

Slide 7: PCI compliance tool: asset assessment

Slide 8: PCI compliance operation end to end monitoring
[Diagram labels: PSP provider, Project DSS assessment, System assessment, Network assessment, Trends, NMS feeds, 3rd party, Fraud monitoring, BIA; Database security, Policy, Firewall, Servers, Encryption; Project A, Project B, Project C]

Slide 9: PCI compliance tool: dashboard
[Diagram labels: Project A, Project B, Project C; BIA (Data security, Technical security, Data protection, Legal); Risk Register; RAF]

Slide 10: PCI project elements
Compliance is fed into the dashboard pre and post live.

Slide 11: Intellectual property
Each project will have to pay for the usage and for compliance with PCI. The project elements, and therefore the project profile, go on to the system to allow monitoring. Extension of the system will allow for a customer profile: at a premium of, for example, £1 per month, the card profile is stored and the customer is protected against identity fraud on your network.
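The monitoring loop described on slides 3 and 8 (firewall logs evidencing access control breaches to cardholder assets, real-time notification of the PCI team and the owning security team, and the impacted asset held until the risk is mitigated) can be sketched in code. The following is an added example written for this page, not the Riesgo tool or any code from the presentation. The log format, the asset inventory, the team names and the choice to tag an unapproved allowed connection as PCI DSS requirements 7 (restrict access to cardholder data by business need to know) and 10 (track and monitor access) are all assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed inventory for the example (assumption): which assets hold cardholder
# data (CDE), which source networks may legitimately reach them, and which security
# team owns each one.
ASSETS = {
    "10.20.1.5": {"name": "card-db-01", "cde": True,
                  "approved": ["10.20.0.0/16"], "team": "db-security"},
    "10.20.1.9": {"name": "pay-app-01", "cde": True,
                  "approved": ["10.20.0.0/16", "198.51.100.0/24"], "team": "app-security"},
    "10.30.1.2": {"name": "intranet-wiki", "cde": False,
                  "approved": ["0.0.0.0/0"], "team": "infra"},
}

# Constructed firewall log format (assumption):
# "<timestamp> <firewall> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

@dataclass
class Finding:
    ts: str
    asset: str
    src: str
    dport: int
    action: str
    requirements: tuple  # PCI DSS requirement numbers the finding evidences
    hold: bool           # True if the asset is blocked from continued use

@dataclass
class MonitorState:
    findings: list = field(default_factory=list)
    on_hold: set = field(default_factory=set)
    notifications: list = field(default_factory=list)  # (team, asset, timestamp)

def source_approved(src, approved):
    """True if the source address falls inside one of the asset's approved networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(net) for net in approved)

def process_line(line, state):
    """Classify one firewall log line; return the Finding it produced, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skipped here, a real tool would count it
    asset = ASSETS.get(m["dst"])
    if asset is None or not asset["cde"]:
        return None  # destination is not a cardholder-data asset
    if source_approved(m["src"], asset["approved"]):
        return None  # expected traffic from an approved network
    allowed = m["action"] == "ALLOW"
    # Requirement 7 is breached only if the firewall let the traffic through;
    # requirement 10 is evidenced by every attempt, allowed or denied.
    reqs = (7, 10) if allowed else (10,)
    finding = Finding(m["ts"], asset["name"], m["src"], int(m["dport"]),
                      m["action"], reqs, hold=allowed)
    state.findings.append(finding)
    if allowed:
        # Real-time response from slide 3: hold the asset, notify PCI team and owner.
        state.on_hold.add(asset["name"])
        for team in ("pci-team", asset["team"]):
            state.notifications.append((team, asset["name"], m["ts"]))
    return finding

def run_monitor(lines):
    state = MonitorState()
    for line in lines:
        process_line(line, state)
    return state

def dashboard(state):
    """Per-asset view of the kind slide 9 shows: requirement numbers touched and hold status."""
    view = {}
    for f in state.findings:
        entry = view.setdefault(f.asset, {"requirements": set(), "on_hold": False})
        entry["requirements"].update(f.requirements)
        entry["on_hold"] = f.asset in state.on_hold
    return view

# Constructed sample log for the example.
SAMPLE_LOG = [
    "2008-08-18T10:15:02Z fw1 ALLOW src=10.20.4.12 dst=10.20.1.5 dport=1433",  # approved source
    "2008-08-18T10:15:07Z fw1 DENY src=203.0.113.7 dst=10.20.1.5 dport=1433",  # blocked probe
    "2008-08-18T10:16:40Z fw1 ALLOW src=203.0.113.7 dst=10.20.1.9 dport=8443", # breach: hold asset
    "2008-08-18T10:17:01Z fw1 ALLOW src=203.0.113.9 dst=10.30.1.2 dport=80",   # not a CDE asset
    "this line does not parse",
]

if __name__ == "__main__":
    st = run_monitor(SAMPLE_LOG)
    for f in st.findings:
        print(f)
    print("on hold:", sorted(st.on_hold))
    print("notifications:", st.notifications)
    print("dashboard:", dashboard(st))
```

Running it yields one denied-probe finding against card-db-01 (requirement 10 only, no hold) and one allowed-connection finding against pay-app-01 (requirements 7 and 10), which places pay-app-01 on hold and queues notifications for the PCI team and app-security. The denied probe is still recorded because the deck treats logged access attempts as evidence for the monitoring requirement even when no breach occurred.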
