PCI V2

Description

This presentation describes the features of Riesgo PCI V2 that assist organisations in managing the activities related to PCI compliance.
Key modules include:
PCI operations radar – real time monitoring of all PCI assets across your network
PCI compliance dashboard - policy compliance in accordance with the PCI DSS
In this presentation:
PCI assessment process
PCI operations radar process
PCI operation log retrieval system
PCI Asset register
PCI Audit process
Project & Business unit PCI assessment

posted:
8/2/2009
PCI v2
PCI operations radar & compliance dashboard

Ben Oguntala
info@riesgoriskmanagement.com
www.riesgoriskmanagement.com
07812039867

For a pilot, email Ben Oguntala info@riesgoriskmanagement.com

Riesgo PCI v2 solution captures the end to end cycle of PCI within your organisation.
• PCI Audits
• PCI reports
• PCI assessments
• PCI compliance Dashboard
• PCI program
• PCI Risk register
• PCI log retrieval system
• PCI operations radar
• PCI Asset register

Overview

[Diagram: PCI compliance Dashboard (Business unit assessments, Project assessments, Asset assessments, Risk Register, Radar alerts, Policy compliance, Likelihood, Business impact, Audits); PCI Operations Radar (Web server, Application server, Business logic server, Database server, Routers, Firewalls, IPS/IDS); PCI asset register (PCI ID, Asset, BU, Asset owner, Review date); PCI Log retrieval system.]

PCI assessment process

[Diagram labels: Type, Project, Business unit, Asset, PCI registration form, PCI Assessment, Risk rating, PCI risk register, PCI compliance Dashboard.]

1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers, resellers, and integrators

PCI operation radar process

[Diagram labels: PCI compliance Dashboard; PCI operations radar (Web server, Application server, Business logic server, Database server, Routers, Firewalls, IPS/IDS); Business impact; Likelihood; Violation; Project details (Project name, Project ID, Project Manager, Description, Assets); Web Servers, Business logic, Firewalls and Databases, each with an Asset owner; Log interface; Legal interface; Riesgo Log retrieval system.]

PCI log retrieval system

[Diagram labels: PCI project ID; PCI ID; Business impact; Likelihood; Violation; Alert rating; PCI operations radar; PCI Log retrieval system; Log feeds from Web server, Application server, Business logic server, Database server, Routers, Firewalls and IPS/IDS.]

PCI Asset register

[Diagram labels: PCI project ID; PCI compliance dashboard; Log feeds from Web server, Application server, Business logic server, Database server, Routers, Firewalls and IPS/IDS. The register also carries Policy compliance, Likelihood and Business impact columns.]

PCI ID  Asset  BU  Asset owner
123     Serv1  AG  Ben Gee
124     Serv3  AG  Olu Gee
125     Serv4  AG  Mark Seal
126     Serv5  AG  Olu Gee
127     Serv6  AG  Ray Ban
128     Serv7  AG  See More
129     Serv8  AG  Olu Gee
130     Serv9  AG  Cee Cee

Each PCI project can identify its assets and be assessed against the policy compliance and transmitted data via its logs.

PCI Audit

[Diagram labels: Audit schedule; Business units; BU PCI projects; PCI Assets; PCI Policies compliance; Asset Audit non compliance report; Non compliance; Policy compliance; Risk rating; Likelihood; Business impact; Audit findings; Asset owner; PCI compliance dashboard (Risk Register, Radar alerts, Policy compliance, Likelihood, Business impact, PCI ID, Asset, BU, Asset owner, Review date, Audits).]

Project & business unit PCI assessment

[Diagram labels: PCI related projects; PCI related Assets; Business units with PCI; Business unit assessments; Project assessments; Asset assessments; Reports; Likelihood; Business impact; Risk rating; Risk Register; Policy compliance; Review date; Audits; PCI compliance dashboard; PCI risk assessment form with the 14 key PCI assessments (listed under PCI assessment process above).]

Contact details

Interested in PCI v2? Contact us
