1

2

3

4

Albert Gonzalez, 28

With accomplices, he was involved in data breaches of most of the major data breaches: Heartland, Hannaford Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Dave & Busters, Boston Market, Forever 21, DSW and others.

The public trusts that we will keep their information safe

from crooks like these.

5Source:

6

Number of incidents per year.Source:

7

8

Source:

9

Source:

10

Source:

11

Source:

12

13

Source:

14

15

Source:

16

1. Securing the IT environment 2. Managing and retaining data 3. Managing IT risk and compliance 4. Ensuring privacy

6. Managing System Implementations 7. Preventing and responding to computer fraud

10. Managing vendors and service providers http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/TopTechnologyInitiatives/Pages/2013TTI.aspx

Orange text are all PCI related

17

18

Determine Objectives

Assess Risk

Apply Controls

Assess Controls Monitor

19

20Source: Internal Control Guidelines California Local Agencies 2015 SCO

21

Source: AICPA’s Auditing Standard AU-C §315.A91

22

23

24

25

26

utility model

27

28

29

Efficiency

Agility

Innovation

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48