
PCI 101



Presentation Transcript


  1. PCI 101

  2. Trustwave Corporate Profile

  3. Trustwave is an established company serving a global client base with industry-leading solutions
     • Founded in 1995
     • Approximately 600 employees in 21 locations on six continents
     • Thousands of customers throughout the world, including 6 of the Fortune Top 10
     • Chicago is global HQ; London, Sydney and São Paulo are regional HQs
     • Security Operations Centers in Chicago and Warsaw
     • Award-winning, patented security technology:
        • 2010 SC Magazine “Finalist”, Encryption
        • 2009 Frost & Sullivan NAC Best Practices
        • 2009 SC Magazine “Recommended”, Managed Security Services
        • Forrester 9 out of 10 rating, NAC solution

  4. The leader in compliance and data security
     • MSSP with more than 1,400 devices under management
     • Monitors more than 18 million events per day
     • Top 10 global Certificate Authority with more than 40,000 SSL certificates issued
     • Performed more than 2,000 network and application penetration tests
     • Conducted more than 740 forensic investigations
     • Benchmark work for HIPAA, GLBA, SOX and the ISO 27000 series
     • PCI DSS leader: Trustwave has certified 42 percent of PSPs and 40 percent of payment applications
     • Fully qualified for all PCI-related work: QSA (2002); ASV (2003); PA-QSA (2005); QIRA (2005)

  5. Global Presence
     • Global Headquarters: Chicago, IL
     • EMEA Headquarters: London, UK
     • APAC Headquarters: Sydney, Australia
     • LAC Headquarters: São Paulo, Brazil
     • Other offices: Toronto, Canada; Pittsburgh, PA; Frankfurt, Germany; Dallas, TX; Stockholm, Sweden; Annapolis, MD; Austin, TX; Budapest, Hungary; Boston, MA; Beijing, China; Denver, CO; Warsaw, Poland; Shanghai, China; Rennes, France; Kiev, Ukraine; Bogotá, Colombia; Tokyo, Japan; Belo Horizonte, Brazil; Mumbai, India; Mexico City, Mexico; Dubai, United Arab Emirates; Pretoria, South Africa; Santiago, Chile

  6. Payment Card Acceptance
     • The Payment Card Industry’s Data Security Standard states:
     • PCI Data Security Requirements apply to all members, merchants, and service providers that store, process or transmit cardholder data

  7. The Mandate: Visa Merchant Levels Defined

  8. Validation Actions Depend on Level

  9. Validation Actions Depend on Level (cont.)

  10. PCI DSS Standard Overview

  11. Six Goals, Twelve Requirements
     • Build and Maintain a Secure Network
        1. Install and maintain a firewall configuration to protect cardholder data
        2. Do not use vendor-supplied defaults for system passwords and other security parameters
     • Protect Cardholder Data
        3. Protect stored cardholder data
        4. Encrypt transmission of cardholder data across open, public networks
     • Maintain a Vulnerability Management Program
        5. Use and regularly update anti-virus software or programs
        6. Develop and maintain secure systems and applications
     • Implement Strong Access Control Measures
        7. Restrict access to cardholder data by business need-to-know
        8. Assign a unique ID to each person with computer access
        9. Restrict physical access to cardholder data
     • Regularly Monitor and Test Networks
        10. Track and monitor all access to network resources and cardholder data
        11. Regularly test security systems and processes
     • Maintain an Information Security Policy
        12. Maintain a policy that addresses information security for employees and contractors

  12. Top PCI DSS Violations (violations found in incident response investigations in 2009)
     • Requirement 1: Install and maintain a firewall to protect cardholder data
     • Requirement 2: Do not use vendor-supplied defaults
     • Requirement 3: Protect stored data
     • Requirement 6: Develop and maintain secure systems and applications
     • Requirement 8: Assign a unique ID to each person with computer access
     • Requirement 10: Track and monitor access to network and card data
     • Requirement 11: Regularly test security systems and processes
     • Requirement 12: Maintain a policy that addresses information security

  13. Self Assessment Questionnaire (SAQ) 1.2

  14. Resources
     • PCI Security Standards Council: https://www.pcisecuritystandards.org/index.shtml
     • Visa CISP: http://www.visa.com/cisp
     • MasterCard SDP: http://www.mastercard.com/sdp

  15. Program Features and Value Proposition

  16. TrustKeeper
     • TrustKeeper is Trustwave's compliance portal that merchants will use to manage, track and validate their compliance status.
     • TrustKeeper is the leading portal used by acquiring banks to monitor PCI DSS compliance status among merchants.
     • TrustKeeper offers easy-to-use vulnerability assessment and management services to help merchants meet all their PCI DSS compliance requirements.

  17. TrustKeeper Agent
     • TrustKeeper Agent is an optional component of TrustKeeper that installs on Windows PCs or PC-based payment terminals.
     • TrustKeeper Agent:
        • Assists with setting up and managing vulnerability scans
        • Collects the information needed to answer technical system questions and reports back to TrustKeeper
        • Monitors systems to ensure that security and data storage settings meet the requirements of the PCI DSS
        • Provides information for summarized and detailed reports in TrustKeeper

  18. Welcome Splash Page

  19. PCI Wizard Choice

  20. PCI Wizard for a Dial-up Merchant

  21. Questions and Help Text How Do I Choose?

  22. Resolve Issues with Remediation Advice

  23. Pre-Filled SAQ for Merchant Review

  24. Certificate of Compliance

  25. Security Policy Advisor (TrustKeeper’s Security Policy Advisor)

  26. Security Awareness Training

  27. TrustKeeper Agent
