1 / 8

Information Security 2013 Roadshow - PCI

Information Security 2013 Roadshow - PCI. What IS PCI Why we Care about PCI What PCI Means to You and Me. Roadshow Outline. What is PCI. Payment Card Industry Data Security Standard or PCI-DSS Enforced by the Banks not by the Government (Recently became law in NV, WA, and MN)

margiet
Download Presentation

Information Security 2013 Roadshow - PCI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security 2013 Roadshow - PCI

  2. What IS PCI • Why we Care about PCI • What PCI Means to You and Me Roadshow Outline

  3. What is PCI Payment Card Industry Data Security Standard or PCI-DSS Enforced by the Banks not by the Government (Recently became law in NV, WA, and MN) Financial Control more than a Technical Control The PCI DSS v2.0 Standards: 1.0: Install and maintain a firewall configuration to protect cardholder data. 2.0: Do not use vendor supplied defaults for system passwords and other security parameters. 3.0: Protect cardholder data. 4.0: Encrypt transmission of cardholder data across open, public networks. 5.0: Use and regularly update anti-virus software and programs. 6.0: Develop and maintain secure systems and applications. 7.0: Restrict access to cardholder data by business need to know. 8.0: Assign a unique ID to each person with a computer access. 9.0: Restrict physical access to cardholder data. 10.0: Track and monitor all access to network resources and cardholder data. 11.0: Regularly test security systems and processes. 12.0: Maintain a policy that addresses information security for all personnel.

  4. Why Do We Care About PCI • Compliance with PCI determines our ability to process credit cards. • A Breach of PCI data could result in penalties from the bank as well as from the FTC. • Reputation is perhaps the hardest thing to recover after a breach of any sort.

  5. A Credit Card Breach could include your data. • As a data processor or an MDRP you are partially responsible for the protection of the card holder data. • Middlebury has committed to PCI through policy and practice. • A part of PCI-DSS includes education which will help you better understand the security concerns Why PCI Matters to You and Me

  6. Montana State University • University of Illinois • Mercer County Community College • University of Massachusetts • Champlain College • University of Florida – Health Pediatrics • Idaho State University • Louisiana State University • Columbia University Medical Center • York Technical College • Oakland Community College • Chapman University • Kirkwood Community College • Tallahassee Community College • ETC… Known Data Breaches in Higher-Ed - 2013

  7. http://go.Middlebury.edu/pcidss • http://go.Middlebury.edu/infosec • email://pcioperationsteam@middlebury.edu • Email://infosec@Middlebury.edu Resources

  8. Please share your thoughts! Information Security Resources: http://go.middlebury.edu/infosec http://go.miis.edu/infosec Report Information Security Events To: infosec@middlebury.edu Discussion and Links

More Related