
PCI Compliance Update - PowerPoint PPT Presentation



PCI Compliance Update. Presented by: Jeff Gassaway, Information Security Officer – CISSP; Lucas Walker, Information Security Analyst – GSEC. The Way We Were. FY 2012-2013: Improved oversight and direction; Improved compliance with PCI data security standards

Presentation Transcript

PCI Compliance Update

Presented by:

Jeff Gassaway, Information Security Officer – CISSP

Lucas Walker, Information Security Analyst – GSEC


The Way We Were

  • FY 2012-2013

    • Improved oversight and direction

    • Improved compliance with PCI data security standards

    • Improved campus-wide security controls


What We Did to Improve

  • Brought CoalFire on site for departments with largest volume and highest risk PCI transactions.

  • Established PCI mailing list to facilitate communication

  • Brought PCI trainings to campus

  • Created PCI Working Group

  • Based on number of transactions per year

  • How credit cards are being taken

  • Essentially, risk to the consumer


How We Reduced Costs

  • Reduced reliance on CoalFire’s services

    • Shadowed CoalFire site visits and interviews

  • Assisted departments in utilizing CoalFire’s tools

    • Navis

    • LightHouse

  • PCI Working Group

    • Working to develop standard solutions to meet a variety of departmental needs

    • Provide guidance

    • Consistency


Where We Are

  • Reducing Scope and Complexity

  • Clarifying PCI terms

  • Bringing significant issues to PCI Working Group:

    • Developing approved enterprise solutions

    • Advising on business process changes

    • Researching and supporting common tools and technology

    • Reviewing and enhancing policies and procedures

  • Cost Reduction


Where We Must Go

  • Quarterly scans (internal and external) conducted

  • Robust change and patch management implemented

  • Everything in scope logged and reviewed daily

  • Consistent policies developed

  • Annual departmental policy review and trainings conducted

  • No cards stored

  • No non-compliance


Q&A

  • Help.unm.edu

  • security@unm.edu

  • kmellor@unm.edu

  • Policy 7215

  • it.unm.edu/security