SlideShare a Scribd company logo

PCI DSS Myths 2009: Myths and Reality

Anton Chuvakin
Anton Chuvakin

The document discusses eight common myths about PCI DSS compliance and security. The myths are that PCI does not apply, PCI is too confusing, PCI is too hard, breaches prove PCI is irrelevant, PCI is easy by just filling out forms, any tool or system is PCI compliant, PCI provides full security, and non-compliance does not matter. The document argues that PCI establishes basic security practices and continuous compliance is needed, not just passing an audit. Understanding requirements and maintaining ongoing security is important.

Technology
1 of 22
PCI DSS Myths 2009: Fiction and Reality Dr. Anton Chuvakin Security Warrior Consulting www.securitywarriorconsulting.com November 2009
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is PCI DSS or PCI? ,[object Object],[object Object],[object Object],[object Object],[object Object]
PCI DSS is based on basic data security practices! ,[object Object],[object Object],Protect Cardholder Data ,[object Object],Maintain an Information Security Policy ,[object Object],[object Object],Regularly Monitor and Test Networks ,[object Object],[object Object],[object Object],Implement Strong Access Control Measures ,[object Object],[object Object],Maintain a Vulnerability Management Program ,[object Object],[object Object],Build and Maintain a Secure Network
Ceiling vs Floor ,[object Object],[object Object],[object Object],[object Object],[object Object]
M1 - PCI just doesn’t apply to us … ,[object Object],[object Object],Reality: PCI DSS DOES apply to you if you “ accept, capture, store, transmit or process credit and debit card data ”, no exceptions! At some point, your acquirer will make it clear to you!
M2 - PCI is confusing ,[object Object],[object Object],[object Object],Reality: PCI DSS documents explain both what to do and how to validate it; take some time to read and understand it. <- Also, read our book on PCI! 
M3 - PCI is too hard ,[object Object],[object Object],Reality: PCI DSS is basic, common sense, baseline security practice; it is only hard if you were not doing it before. It is no harder than running your business or IT – and you’ve been doing it!
M4 - Breaches prove PCI irrelevant ,[object Object],[object Object],Reality: Data breaches prove that basic PCI DSS security is not enough, but you have to start from the basics. PCI is actually easier to understand than other advanced security and risk matters. Start there!
M5 – PCI is Easy : Just Say “YES” ,[object Object],[object Object],Reality: Not exactly - you need to: a) Get a scan – and then resolve the vulnerabilities found b) Do the things that the questions refer to – and prove it c) Keep doing a) and b) forever!
M6 – My tool is PCI compliant ,[object Object],[object Object],[object Object],Reality: There is no such thing as “PCI compliant tool, network”, PCI DSS compliance applies to organizations . PCI DSS combines technical AND process, policy, management issues; awareness and practices as well.
M7 – PCI Is Enough Security ,[object Object],[object Object],Reality: PCI is basic security, it is a necessary baseline, but NOT sufficient (floor – not the ceiling!) PCI is also about cardholder data security , not the rest of private data, not your intellectual property, not SSNs, etc. It also covers confidentiality , and NOT integrity and availability. There is more to security than PCI!
M8 – PCI DSS Is Toothless ,[object Object],[object Object],Reality: Possible fines + lawsuits + breach disclosure costs + investigation costs + CC rate increases + contractual breaches + cost of more security measures + cost of credit monitoring = will you risk ALL that?
Summary: Eight Common PCI Myths ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Your Approach To PCI DSS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Continuous Compliance vs Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PCI and Security Today ,[object Object],[object Object],[object Object],[object Object]
Conclusions and Action Items ,[object Object],[object Object],[object Object]
Get More Info! ,[object Object],[object Object],[object Object]
About Anton Chuvakin ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],For more: http://www.chuvakin.org
More on Anton ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Warrior Consulting Services ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinPCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinAnton Chuvakin
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
PCI Myths
PCI MythsPCI Myths
PCI MythsSasha Nunke
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the Warcentralohioissa
 
What do I really need to do to STAY compliant with PCI DSS?
What do I really need to do to STAY compliant with PCI DSS?What do I really need to do to STAY compliant with PCI DSS?
What do I really need to do to STAY compliant with PCI DSS?Anton Chuvakin
 
Security and Risk Mitigation
Security and Risk MitigationSecurity and Risk Mitigation
Security and Risk Mitigationhaydenchamber
 

Recommended

PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinPCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinAnton Chuvakin
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
PCI Myths
PCI MythsPCI Myths
PCI MythsSasha Nunke
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the Warcentralohioissa
 
What do I really need to do to STAY compliant with PCI DSS?
What do I really need to do to STAY compliant with PCI DSS?What do I really need to do to STAY compliant with PCI DSS?
What do I really need to do to STAY compliant with PCI DSS?Anton Chuvakin
 
Security and Risk Mitigation
Security and Risk MitigationSecurity and Risk Mitigation
Security and Risk Mitigationhaydenchamber
 
How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017Anil X
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
RSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to SuccessRSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to SuccessGary Hayslip CISSP, CISA, CRISC, CCSK
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield Era10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield EraPaul Hastings
 
10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview10 Rules for Vendors - an Overview
10 Rules for Vendors - an OverviewGary Hayslip CISSP, CISA, CRISC, CCSK
 
Helping SME’S to face cybersecurity threats
Helping SME’S to face cybersecurity threatsHelping SME’S to face cybersecurity threats
Helping SME’S to face cybersecurity threatsAgence du Numérique (AdN)
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonData Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonVlad Catrinescu
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the CloudPeak 10
 
5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecure5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecureMedia Sonar
 
(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & Approach(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & ApproachPriyanka Aash
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceEryk Budi Pratama
 
Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)Mike Davis
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIBen Rothke
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionDigital Guardian
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLPRobert Kloots
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Myths of PCI DSS
Myths of PCI DSSMyths of PCI DSS
Myths of PCI DSSAnton Chuvakin
 
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinWhat PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinAnton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 

More Related Content

What's hot

How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017Anil X
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield Era10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield EraPaul Hastings
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonData Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonVlad Catrinescu
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the CloudPeak 10
 
5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecure5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecureMedia Sonar
 
(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & Approach(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & ApproachPriyanka Aash
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceEryk Budi Pratama
 
Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)Mike Davis
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIBen Rothke
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionDigital Guardian
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLPRobert Kloots
 

What's hot (17)

How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017How Not to Lose Your Bitcoin in 2017
How Not to Lose Your Bitcoin in 2017
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
RSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to SuccessRSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to Success
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of Things
 
10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield Era10 Practical Tips to Prepare for the New Privacy Shield Era
10 Practical Tips to Prepare for the New Privacy Shield Era
 
10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview
 
Helping SME’S to face cybersecurity threats
Helping SME’S to face cybersecurity threatsHelping SME’S to face cybersecurity threats
Helping SME’S to face cybersecurity threats
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonData Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
 
5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecure5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecure
 
(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & Approach(SACON) Srinivas posarala - Challenges & Approach
(SACON) Srinivas posarala - Challenges & Approach
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & Assurance
 
Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)Cloud adoption in the EU - and analyst's perspective (revised)
Cloud adoption in the EU - and analyst's perspective (revised)
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCI
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss Prevention
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLP
 

Similar to PCI DSS Myths 2009: Myths and Reality

Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinWhat PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinAnton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionAnton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Versionguest3af00b8
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsPCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsAnton Chuvakin
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
"Compliance First" or "Security First"
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"Anton Chuvakin
 
PCI Compliance for Dummies
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for DummiesLiberteks
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliancepcidss14s
 
Payment account data security – PCI DSS
Payment account data security – PCI DSSPayment account data security – PCI DSS
Payment account data security – PCI DSSsocassurance
 
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...i2Coalition
 
Webinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableVISTA InfoSec
 
Quick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedQuick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedAlienVault
 
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsPCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsFit Small Business
 
Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2Flaskdata.io
 

Similar to PCI DSS Myths 2009: Myths and Reality (20)

Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton Chuvakin
 
Myths of PCI DSS
Myths of PCI DSSMyths of PCI DSS
Myths of PCI DSS
 
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton ChuvakinWhat PCI DSS Taught Us About Security by Dr. Anton Chuvakin
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
 
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER VersionPCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsPCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
 
Don’t Fear PCI DSS!
Don’t Fear PCI DSS!Don’t Fear PCI DSS!
Don’t Fear PCI DSS!
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
 
"Compliance First" or "Security First"
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"
 
PCI Compliance for Dummies
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for Dummies
 
Pci dss compliance
Pci dss compliancePci dss compliance
Pci dss compliance
 
Payment account data security – PCI DSS
Payment account data security – PCI DSSPayment account data security – PCI DSS
Payment account data security – PCI DSS
 
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...
 
Webinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicable
 
Quick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedQuick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance Simplified
 
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card CriminalsPCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
 
Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2
 

More from Anton Chuvakin

Future of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsFuture of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsAnton Chuvakin
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?Anton Chuvakin
 
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinMeet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinAnton Chuvakin
 
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...Anton Chuvakin
 
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin
 
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothAnton Chuvakin
 
20 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022Anton Chuvakin
 
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
 
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsAnton Chuvakin
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC Anton Chuvakin
 
Modern SOC Trends 2020
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020Anton Chuvakin
 
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton Chuvakin
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)Anton Chuvakin
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinAnton Chuvakin
 

More from Anton Chuvakin (20)

Future of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsFuture of SOC: More Security, Less Operations
Future of SOC: More Security, Less Operations
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?
 
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinMeet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton Chuvakin
 
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
 
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton Chuvakin
 
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
 
20 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022
 
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
 
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
 
Modern SOC Trends 2020
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
 
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
 
Generic siem how_2017
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
 
Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
 
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

PCI DSS Myths 2009: Myths and Reality

  • 1. PCI DSS Myths 2009: Fiction and Reality Dr. Anton Chuvakin Security Warrior Consulting www.securitywarriorconsulting.com November 2009
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.