anx risk assessment tips webinar

Using a Risk Assessment to become PCI Compliant

Upload: anx

Post on 24-Jan-2015

DESCRIPTION

PCI DSS Requirement 12.1.2 emphasizes the need for a formal risk assessment methodology. Utilizing a risk assessment within your organization can be very helpful when deciding whether to implement new technologies or determining the next steps in your ongoing security process.

A “set it and forget it” mentality is one of the biggest myths when it comes to Payment Card Industry Data Security Standard (PCI DSS) compliance. A recent study showed that only 37% of companies in 2010 regularly tested their security systems and processes. Unfortunately, this mindset creates the vulnerability that hackers seek out. A January 2012 report revealed:

• Only 21% of companies were PCI Compliant at their initial risk assessment
• Companies met an average of 78% of test procedures

This webinar will cover the process of implementing a Risk Assessment for your business and regularly capitalizing on the findings to create a secure environment and achieve PCI compliance. Learn how to take the first step in becoming PCI DSS compliant by eliminating the gaps in your company’s security that cyber criminals seek out.

TRANSCRIPT

Page 1: ANX Risk Assessment Tips Webinar

Using a Risk Assessment to become PCI Compliant

Page 2: ANX Risk Assessment Tips Webinar

CONFIDENTIAL | www.ANX.com | 4/20/2012 | © 2012 ANXeBusiness Corp. All rights reserved.

Logistics

All lines are in listen-only mode. We will answer questions at the end of the event. But feel free to ask questions at any time. A link to the webinar recording will be e-mailed shortly after the event, and it will be available on-demand at: www.anx.com

Every attendee receives a $5 Starbucks Gift Card

One attendee will receive a $50 Amazon.com Gift Certificate

All series attendees will be entered to win a Kindle Fire

Page 3: ANX Risk Assessment Tips Webinar

THE THREE PILLARS OF PCI

Presenter

Mark A. Wayne Executive Vice President

Page 4: ANX Risk Assessment Tips Webinar

PCI DSS Requirements – the Digital Dozen

1. Install and maintain a firewall configuration to protect data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect Stored Data

4. Encrypt transmission of cardholder data and sensitive information across public networks

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security

Page 8: ANX Risk Assessment Tips Webinar

12. Maintain a policy that addresses information security

12.1.2 Establish, publish, maintain, and disseminate a security policy that includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment

Page 10: ANX Risk Assessment Tips Webinar

Definition

Risk As•sess•ment [risk uh-ses-muhnt]

1. Define the Environment

2. Identify Threats

3. Identify Vulnerabilities

4. Evaluate and Address Risk

Page 11: ANX Risk Assessment Tips Webinar

Two Parts

Page 13: ANX Risk Assessment Tips Webinar

Why is a Risk Assessment important

Page 18: ANX Risk Assessment Tips Webinar

Steps of a Risk Assessment

Define the Environment

Identify Threats

Identify Vulnerabilities

Evaluate and Address Risk

Page 19: ANX Risk Assessment Tips Webinar

Level 4 Merchants the Target of Choice

[Chart, labelled RISK and LEVEL: Level 4, 90%; Level 1-3, 10%]

Page 25: ANX Risk Assessment Tips Webinar

How do I conduct a Risk Assessment

Page 26: ANX Risk Assessment Tips Webinar

REQUIREMENTS

Page 28: ANX Risk Assessment Tips Webinar

Identify and track regulations

Create an organized framework

Develop policies

Perform assessments

Prioritize deficiencies

Manage remediation activity

Page 29: ANX Risk Assessment Tips Webinar

What can ANX do for me

Page 34: ANX Risk Assessment Tips Webinar

Managed Security

Data Breach Protection

PCI Support Remote Access

One Affordable Monthly Charge

Page 35: ANX Risk Assessment Tips Webinar

E-mail us at [email protected]

Call us 248-447-4050

Or visit us at www.facebook.com/anxebusiness

Drawing and Questions