PCI V2

PCI operations radar & compliance dashboard
Ben Oguntala info@riesgoriskmanagement.com www.riesgoriskmanagement.com 07812039867

For a pilot, email Ben Oguntala info@riesgoriskmanagement.com

Introduction
Objective

This presentation describes the features of Riesgo PCI V2, which assists organisations in managing the activities related to PCI compliance. Key modules include:

• PCI operations radar – real-time monitoring of all PCI assets across your network
• PCI compliance dashboard – policy compliance in accordance with the PCI DSS

In this presentation:

• PCI assessment process
• PCI operations radar process
• PCI operation log retrieval system
• PCI Asset register
• PCI Audit process
• Project & Business unit PCI assessment


The Riesgo PCI v2 solution captures the end-to-end cycle of PCI within your organisation:

• PCI audits
• PCI reports
• PCI assessments
• PCI compliance dashboard
• PCI program
• PCI risk register
• PCI log retrieval system
• PCI operations radar
• PCI asset register

Overview

[Diagram components: PCI compliance dashboard; PCI operations radar; PCI asset register; PCI log retrieval system; business unit, project and asset assessments. Assets shown: web server, application server, business logic server, database server, routers, firewalls, IPS/IDS.]

PCI compliance dashboard (labels: Risk Register, Radar alerts, Policy compliance, Likelihood, Business impact, Audits)

PCI ID   Asset   BU   Asset owner   Policy compliance   Review date
123      Serv1   AG   Ben Gee       Y                   2/3/09
124      Serv3   AG   Olu Gee       N                   2/3/09
125      Serv4   AG   Mark Seal     Y                   2/3/09
126      Serv5   AG   Olu Gee       N                   2/5/09
127      Serv6   AG   Ray Ban       N                   2/3/09
128      Serv7   AG   See More      Y                   2/3/09
129      Serv8   AG   Olu Gee       Y                   2/3/09
130      Serv9   AG   Cee Cee       Y                   2/3/09

Every row also shows an H and an L rating under the Business impact and Likelihood columns.

[PCI operations radar panel: lists the monitored assets (web server, application server, business logic server, database server, routers, firewalls, IPS/IDS) and violations by PCI ID, with H and L ratings under Business impact and Likelihood.]

PCI assessment process
[Diagram labels: Type (Project, Business unit, Asset); PCI registration form; PCI assessment; Risk rating (L, M, H); PCI risk register; PCI compliance dashboard]

PCI assessment:

1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers, resellers, and integrators

PCI operation radar process
[Diagram labels: Project details (project name, project ID, project manager, description, assets); Riesgo log retrieval system; PCI operations radar; PCI compliance dashboard]

Project assets shown in the diagram:

• Web servers – asset owner, log interface
• Business logic – asset owner, log interface
• Firewalls – asset owner, log interface
• Databases – asset owner, legal interface

[PCI operations radar panel: lists web server, application server, business logic server, database server, routers, firewalls and IPS/IDS. Example entry: PCI ID 123, ratings H and L under Business impact and Likelihood, Violation 3.]

PCI log retrieval system
[Diagram labels: PCI project ID; PCI log retrieval system; PCI operations radar; Alert rating. Each asset (web server, application server, business logic server, database server, routers, firewalls, IPS/IDS) is shown with its own log.]

[PCI operations radar panel: lists the same assets. Example entry: PCI ID 123, ratings H and L under Business impact and Likelihood, Violation 3.]

PCI Asset register
[Diagram labels: PCI project ID; PCI compliance dashboard. Each asset (web server, application server, business logic server, database server, routers, firewalls, IPS/IDS) is shown with its own log.]

PCI compliance dashboard

PCI ID   Asset   BU   Asset owner   Policy compliance
123      Serv1   AG   Ben Gee       Y
124      Serv3   AG   Olu Gee       N
125      Serv4   AG   Mark Seal     Y
126      Serv5   AG   Olu Gee       N
127      Serv6   AG   Ray Ban       N
128      Serv7   AG   See More      Y
129      Serv8   AG   Olu Gee       Y
130      Serv9   AG   Cee Cee       Y

Every row also shows an H and an L rating under the Likelihood and Business impact columns.

Each PCI project can identify its assets and have them assessed against policy compliance and the data transmitted via its logs.

PCI Audit
[Diagram labels: Audit schedule; Business units; BU PCI projects; PCI assets; PCI policies compliance; Asset audit; Non compliance report; Non compliance; Policy compliance; Risk rating; Likelihood; Business impact; Audit findings; Asset owner]

[PCI compliance dashboard panel: labels Risk Register, Radar alerts, Policy compliance, Likelihood, Business impact, Audits; columns PCI ID, Asset, BU, Asset owner, Review date.]

Project & business unit PCI assessment

[Diagram labels: PCI related projects; PCI related assets; Business units with PCI; Business unit assessments; Project assessments; Asset assessments; Reports; Likelihood; Business impact; Risk rating; Risk Register; Policy compliance; Review date; Audits; PCI compliance dashboard]

PCI risk assessment form

The 14 key PCI assessments:

1. Do not retain full magnetic stripe, card validation code or value
2. Protect stored cardholder data
3. Provide secure authentication features
4. Log payment application activity
5. Develop secure payment applications
6. Protect wireless transmissions
7. Test payment applications to address vulnerabilities
8. Facilitate secure network implementation
9. Cardholder data must never be stored on a server connected to the Internet
10. Facilitate secure remote software updates
11. Facilitate secure remote access to payment application
12. Encrypt sensitive traffic over public networks
13. Encrypt all non-console administrative access
14. Maintain instructional documentation and training programs for customers, resellers, and integrators

Contact details
Interested in PCI v2? Contact us



				
Document info: posted 8/2/2009; language: English; pages: 11