PCI 101

Trustwave Corporate Profile
• Trustwave is an established company serving a global client base with industry-leading solutions
• Founded in 1995
• Approximately 600 employees in 21 locations on six continents
• Thousands of customers throughout the world, including 6 of the Fortune Top 10
• Chicago is global HQ; London, Sydney and São Paulo are regional HQs
• Security Operations Centers in Chicago and Warsaw
• Award-winning, patented security technology:
  • 2010 SC Magazine “Finalist”, Encryption
  • 2009 Frost & Sullivan NAC Best Practices
  • 2009 SC Magazine “Recommended”, Managed Security Services
  • Forrester 9 out of 10 rating, NAC solution
The Leader in Compliance and Data Security
• MSSP with more than 1,400 devices under management
• Monitors more than 18 million events per day
• Top 10 global Certificate Authority with more than 40,000 SSL certificates issued
• Performed more than 2,000 network and application penetration tests
• Conducted more than 740 forensic investigations
• Benchmark work for HIPAA, GLBA, SOX, ISO 27000 series
• PCI DSS leader: Trustwave has certified 42 percent of PSPs (payment service providers) and 40 percent of payment applications
• Fully qualified for all PCI-related work: QSA (2002); ASV (2003); PA-QSA (2005); QIRA (2005)
Global Presence
• Global Headquarters: Chicago, IL
• EMEA Headquarters: London, UK
• APAC Headquarters: Sydney, Australia
• LAC Headquarters: São Paulo, Brazil
• Other offices: Toronto, Canada; Pittsburgh, PA; Frankfurt, Germany; Dallas, TX; Stockholm, Sweden; Annapolis, MD; Austin, TX; Budapest, Hungary; Boston, MA; Beijing, China; Denver, CO; Warsaw, Poland; Shanghai, China; Rennes, France; Kiev, Ukraine; Bogotá, Colombia; Tokyo, Japan; Belo Horizonte, Brazil; Mumbai, India; Mexico City, Mexico; Dubai, United Arab Emirates; Pretoria, South Africa; Santiago, Chile
Payment Card Acceptance
• The Payment Card Industry’s Data Security Standard states:
• PCI Data Security Requirements apply to all members, merchants, and service providers that store, process or transmit cardholder data
Six Goals, Twelve Requirements
Build and Maintain a Secure Network
• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
• Requirement 3: Protect stored cardholder data
• Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
• Requirement 5: Use and regularly update anti-virus software or programs
• Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
• Requirement 7: Restrict access to cardholder data by business need-to-know
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
• Requirement 10: Track and monitor all access to network resources and cardholder data
• Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
• Requirement 12: Maintain a policy that addresses information security for employees and contractors
Top PCI DSS Violations
Violations found in incident response investigations in 2009:
• Requirement 1: Install and maintain a firewall to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults
• Requirement 3: Protect stored data
• Requirement 6: Develop and maintain secure systems and applications
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 10: Track and monitor access to network and card data
• Requirement 11: Regularly test security systems and processes
• Requirement 12: Maintain a policy that addresses information security
Resources
• PCI Security Standards Council: https://www.pcisecuritystandards.org/index.shtml
• Visa CISP: http://www.visa.com/cisp
• MasterCard SDP: http://www.mastercard.com/sdp
TrustKeeper
• TrustKeeper is Trustwave’s compliance portal that merchants use to manage, track and validate their compliance status.
• TrustKeeper is the leading portal used by acquiring banks to monitor PCI DSS compliance status among merchants.
• TrustKeeper offers easy-to-use vulnerability assessment and management services to help merchants meet all their PCI DSS compliance requirements.
TrustKeeper Agent
• TrustKeeper Agent is an optional component of TrustKeeper that installs on Windows PCs or PC-based payment terminals.
• TrustKeeper Agent:
  • Assists with setting up and managing vulnerability scans
  • Collects information needed to answer technical system questions and reports back to TrustKeeper
  • Monitors systems to ensure the security and data storage settings meet the requirements of the PCI DSS
  • Provides information for summarized and detailed reports in TrustKeeper
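The data-storage check behind Requirement 3 (the third most common violation listed above) comes down to finding unencrypted primary account numbers at rest and reporting them without copying the PAN into the report. The following is an added example of such a check; it is not TrustKeeper or Trustwave code. The log excerpt is constructed, and the card numbers in it are the publicly known test PANs, not real accounts.

```python
import re
from dataclasses import dataclass
from typing import List

# A candidate PAN is 13 to 19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check. Every real PAN passes it; most unrelated digit runs
    (phone numbers, serials, order IDs) fail, which keeps false positives down."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four only, the most PCI DSS allows to be
    displayed; the finding must never carry the full PAN it just located."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line_no: int
    masked: str


def find_pans(text: str) -> List[Finding]:
    """Scan text line by line and report Luhn-valid PANs in masked form."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append(Finding(line_no, mask_pan(digits)))
    return findings


# Constructed sample: an order log that wrongly writes the full PAN to disk
# (lines 1 and 3), plus two digit runs that must not be reported.
SAMPLE_LOG = """\
2009-11-03 order=1042 pan=4111 1111 1111 1111 exp=12/11 status=approved
support line: 312-555-0199 ext 2048
2009-11-03 order=1043 pan=5555-5555-5555-4444 exp=03/12 status=declined
device serial=1234567890123 firmware=2.1
"""

if __name__ == "__main__":
    for f in find_pans(SAMPLE_LOG):
        print(f"line {f.line_no}: stored PAN {f.masked}")
```

Two design points matter in practice: the Luhn filter is what separates a usable scanner from one that flags every phone number and serial (line 4 is a 13-digit run that fails the checksum and is dropped), and the scanner itself must obey Requirement 3 by masking what it reports, otherwise the compliance tool becomes another place where full PANs are stored.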
Questions and Help Text
How Do I Choose?
Security Policy Advisor
TrustKeeper’s Security Policy Advisor