NWA ISSA Meeting

•Transferir como PPT, PDF•

0 gostou•734 visualizações

Branden Williams

What can companies do to comply with PCI? What ARE companies doing?

Tecnologia

PCI: The Real Deal
How to do PCI Right
(And how to really hose it up)
Branden R. Williams, CISSP, CISM
bwilliams@verisign.com
www.brandenwilliams.com

Why companies succeed
What are the steps to success?

PCI Requires Planning
Programmatic approach
Fully staffed compliance office
Trained and/or certified
Must be baked into culture

Getting it RIGHT
Medium sized service
provider
Assessment scope
less than 1% of
systems
On-Site Assessment
done in 1 week
No gaps last three
years

How do they do it?
Simple & elegant
payment systems
Complex ≠ Competitive
Advantage
Simplicity+Elegance =
Competitive Advantage
Go into assessment
knowing you will pass

Good Program Makeup
Documented Data Flows
Accountability
Documentation
Plan for Maintenance
Process Integration
Training
Assessment Prep/Self Assessment

Why companies fail
Avoid these pitfalls!

Getting it wrong
Medium US-Based
Retail
< 1000 locations
Fail every year
But remediate in 60 days
Out of compliance for
most of year
Risk breach in
between

Getting it wronger
No repeatable processes
Compliance viewed as “audit”
Security/Compliance office buried
All reporting to IT?
CISO unable to sell MGT
Process stagnates

How could we improve?
Build a program to MAINTAIN PCI
Security reporting elsewhere
CFO
HR
Legal
CISO take a business need
Audit results

Encrypt all stored data
What are my options?
Retrofit applications
Use an encryption appliance
Use an encrypting database
Render unreadable withoutencryption (truncation, hashing)
The Dangers of Encryption
Enterprise-Wide Approach
Create a sound strategy
Data flows required!

Hashing/Rainbow Tables
What is the risk of Hashing?
Hashed Data = Cardholder Data. Wait… What?
Hashes must be treated like encrypted card data
Hashing is still a viable method!
Watch other data stored nearby
What is a Rainbow Table?
Subvert complex math
Orange vs. Juice
Pre-computed hashes
Secrecy in Salt/Algorithm

Truncation
What is Truncation?
Remove all but First 6, Last 4
Identify any transaction
First 6, Last 4
Date/Time of Purchase
Amount
Auth Code

What is on the horizon?
What does the future hold?

Fees, Fines, and
Penalties, OH MY!
Cost of assessments rising (Q/A)
Global Fines in 18 months
Payment App Mandates
Scrutiny of Assessments

High Tech Payments
SIM Based Payments
PED Encryption
Chip/PIN (BUSTED)
RFID/Contactless
Examples!

Questions & Answers
Branden R. Williams, CISSP, CISM
bwilliams@verisign.com
www.brandenwilliams.com

Mais conteúdo relacionado

Semelhante a NWA ISSA Meeting

Secrets of crm success 2016 presentation

Martha Lord

myeNovation_Deck_Kaizen Dec 2023.pdf

NishantB11

What we need in 2009

Bogdana

Bogdana Butnar: What I need…

IMTO

Increasingly strategic in modern organizations, IT departments have adopted multiple protocols and performance measurements to maximize value to their business by enabling greater efficiency. However, while IT has often been the source of intelligence for other departments, IT leaders have lagged in deploying their own analytics to support service improvement. In this session, you’ll find out how analytics can expand the view of IT as you evaluate five innovations that affect service attainment and cost. Gain new insights into using analytics to increase IT value to the business, improve resource utilization, eliminate bottle necks, and understand support cost.

HDI 2016 five innovations in analytics

Numerify

Small Law Key Performance Indicators

Evolve Law

Funding for middleware monitoring projects is sometimes difficult to obtain - unless you know how to build a business model that effectively communicates business value to all stakeholders - both inside and outside of IT. In this presentation, you’ll learn why funding has become more difficult and how to quantify the value using SL’s ROI model that calculates both costs and savings associated with SL’s RTView monitoring solutions. Citibank also provides advice based on their own experience in obtaining and implementing middleware monitoring. To see the actual demonstration of Citibank’s RTView monitoring platform for their TIBCO Online Banking Applications, watch the recorded video here: http://sl.com/about-us/webinars-events/

Need Middleware Monitoring? Build a Better Business Case.

SL Corporation

How To Save Millions At Your Company

richlanza

3 Questions Every Board Needs to Ask About Enterprise Risks

CBIZ, Inc.

Governance, Risk & Compliance Management Solution

Rishabh Software

How to take the pain out of auditing in fast growing businesses

DavidAltmen

Credit Union Cyber Security

Stacy Willis

Accounting power point

mford08

gtFace: Business intelligence (BI - presentation)

kostienko2

gtFace: Business Intelligence BI

kostienko1

2016 Risk Management Workshop

Stacy Willis

Digital Marketing Audit Template (2016)

Tim Bourgeois

The Dream Team - Getting Involvement Above and Beyond Sales

dreamforce2006

Invest in Specialty Skills and Other Tips for Internal Audit Planning

CBIZ Risk & Advisory Services

Governance risk and compliance

Magdalena Matell

Semelhante a NWA ISSA Meeting (20)

Secrets of crm success 2016 presentation

myeNovation_Deck_Kaizen Dec 2023.pdf

What we need in 2009

Bogdana Butnar: What I need…

HDI 2016 five innovations in analytics

Small Law Key Performance Indicators

Need Middleware Monitoring? Build a Better Business Case.

How To Save Millions At Your Company

3 Questions Every Board Needs to Ask About Enterprise Risks

Governance, Risk & Compliance Management Solution

How to take the pain out of auditing in fast growing businesses

Credit Union Cyber Security

Accounting power point

gtFace: Business intelligence (BI - presentation)

gtFace: Business Intelligence BI

2016 Risk Management Workshop

Digital Marketing Audit Template (2016)

The Dream Team - Getting Involvement Above and Beyond Sales

Invest in Specialty Skills and Other Tips for Internal Audit Planning

Governance risk and compliance

Último

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization

Radu Cotescu

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

NWA ISSA Meeting

1. PCI: The Real Deal How to do PCI Right (And how to really hose it up) Branden R. Williams, CISSP, CISM bwilliams@verisign.com www.brandenwilliams.com

2. Why companies succeed What are the steps to success?

3. PCI Requires Planning Programmatic approach Fully staffed compliance office Trained and/or certified Must be baked into culture

4. Getting it RIGHT Medium sized service provider Assessment scope less than 1% of systems On-Site Assessment done in 1 week No gaps last three years

5. How do they do it? Simple & elegant payment systems Complex ≠ Competitive Advantage Simplicity+Elegance = Competitive Advantage Go into assessment knowing you will pass

6. Good Program Makeup Documented Data Flows Accountability Documentation Plan for Maintenance Process Integration Training Assessment Prep/Self Assessment

7. Why companies fail Avoid these pitfalls!

8. Getting it wrong Medium US-Based Retail < 1000 locations Fail every year But remediate in 60 days Out of compliance for most of year Risk breach in between

9. Getting it wronger No repeatable processes Compliance viewed as “audit” Security/Compliance office buried All reporting to IT? CISO unable to sell MGT Process stagnates

10. How could we improve? Build a program to MAINTAIN PCI Security reporting elsewhere CFO HR Legal CISO take a business need Audit results

11. What are secure companies doing?

12. Encrypt all stored data What are my options? Retrofit applications Use an encryption appliance Use an encrypting database Render unreadable withoutencryption (truncation, hashing) The Dangers of Encryption Enterprise-Wide Approach Create a sound strategy Data flows required!

13. Hashing/Rainbow Tables What is the risk of Hashing? Hashed Data = Cardholder Data. Wait… What? Hashes must be treated like encrypted card data Hashing is still a viable method! Watch other data stored nearby What is a Rainbow Table? Subvert complex math Orange vs. Juice Pre-computed hashes Secrecy in Salt/Algorithm

14. Truncation What is Truncation? Remove all but First 6, Last 4 Identify any transaction First 6, Last 4 Date/Time of Purchase Amount Auth Code

15. Who does what?

16. What is on the horizon? What does the future hold?

17. Fees, Fines, and Penalties, OH MY! Cost of assessments rising (Q/A) Global Fines in 18 months Payment App Mandates Scrutiny of Assessments

18. High Tech Payments SIM Based Payments PED Encryption Chip/PIN (BUSTED) RFID/Contactless Examples!

19. Discuss Breaches

20. Questions & Answers Branden R. Williams, CISSP, CISM bwilliams@verisign.com www.brandenwilliams.com

NWA ISSA Meeting

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a NWA ISSA Meeting

Semelhante a NWA ISSA Meeting (20)

Último

Último (20)

NWA ISSA Meeting