Welcome. IT Exchange. November 19, 2013


Agenda
- IT Services Action Plan
- Cybersecurity
- Payment Card Industry Data Security Standards
- GitLab
- OAuth 2.0

itservices.msu.edu/actionplan

Cyber Security Challenges in Higher Education
- Chief Information Security Officer
- Communicating Potential Threats
- Forming Group; Any Interest?
- End User Education: http://tech.msu.edu/secureit/
- Faculty and Staff Education: http://eis.msu.edu/sid/

Payment Card Security
Mary Nelson, Gene Willacker, Sally Burns

Mary Nelson, Manager, Cashier's Office
- MSU must validate compliance
- Required by Bank/Visa/MC
- Due by March 31, 2014
- Each merchant/unit/activity must complete a Self-Assessment Questionnaire (SAQ)
- 5 versions of the SAQ exist; the PCI Office will help identify which SAQ is appropriate

Mary Nelson, Manager, Cashier's Office
- Survey issued to gather information
- Survey data will indicate how card data is stored, processed, and transmitted
- Survey responses due December 4, 2013
- SAQ validation process will be an annual event going forward

Gene Willacker, University PCI Compliance Officer
- PCI DSS v3.0 (Payment Card Industry Data Security Standard)
- PCI Scope of Compliance

PCI DSS 3.0
- Effective January 1, 2014
- 2014 is the v2 to v3 transition year

Goals
- Focus on security; compliance will follow
- PCI compliance as business as usual
- Increase education

Influencers
- CHD (cardholder data) is still a target
- Poor implementation and maintenance
- Malware
- Weak passwords
- Lack of awareness

PCI DSS 3.0: What will it do?
- Focus on higher risk areas
- Clarify many requirements
- Add flexibility
- Improve assessments
- Evolve with best practices, risks and threats

What is in scope for PCI compliance?

What is in scope for PCI DSS?
- All system components in or connected to the cardholder data environment (CDE)
- CDE: people, processes, and technology that store, process, or transmit cardholder data
- "Connected to" also includes systems connected to those connected-to systems
- What about CASHNet scope? Today, data entry workstations

Changes in Scope Definition
- Web re-direction servers added
- Visa and MasterCard concern since 2010
- May impact the security of the CDE
- Guidance in the E-Commerce SIG report
- Requirement in PCI DSS v3.0
- CASHNet checkout stores now in scope!

Likely additional requirements for MSU CASHNet servers
- Firewalls
- Hardened server configurations
- External vulnerability scanning
- Internal vulnerability scanning
- Patching critical updates within 30 days
- Security training for developers and sysadmins
- Code reviews
- Web application scanning
- Penetration tests

Sally Burns, MS E-Commerce Team, University Systems Support, IT Services

CASHNet is the ONLY pre-approved ecommerce solution that MSU units may use.
IT Services - University Systems - Business Systems - ecommerce Team
Goal: help you find the simplest path to PCI compliance while meeting your business requirements.

CASHNet: over $1 billion in revenue, more than 250 merchants, active since 2010.

CASHNet at MSU Activity
Year         Transaction Counts   Annual Revenue
2010                 22,256       $    71,035,438.14
2011                269,630       $   295,160,429.74
2012                337,462       $   359,971,100.82
2013 (YTD)          307,212       $   303,843,527.98
Total               936,560       $ 1,030,010,496.68

The simplest path to PCI compliance and meeting your business requirements includes:
- The CASHNet ecommerce Team offers one-on-one consulting with technical and business staff.
- The CASHNet at MSU User Guide, the CASHNet at MSU website, and monthly training are always available.
- Support is through the IT Services Service Desk at itserve@msu.edu

CASHNet Storefronts: configurable to meet many needs.
CASHNet emarket Storefront samples:
- Conference Storefront: https://commerce.cashnet.com/msutest_0100
- Invoice Storefront: https://commerce.cashnet.com/msutest_0110
- More samples: https://paymentsupport.ais.msu.edu/cashnetatmsu_stores.asp

CASHNet: advanced emarket Storefront configurations can meet sophisticated requirements.
Newer features:
- Ability to collect data for unpaid items (e.g. attendee info).
- Variable pricing options (price depends on quantity purchased, menu selected, etc.).
CASHNet Storefront features in the pipeline:
- Sub-items (multiple account numbers per item).
- Discount codes.
- Report (Excel) emailed to the user on a daily basis.
- Testing use of MSUPayment with a storefront.

CASHNet Reporting
Item Code      Attendee Email            Attendee First Name   Attendee Last Name   Attendee Phone Number   Name of Employer                Amount
3999-GTKSELF   scoobydo@charter.net      Nancy                 scooby               920-333-1212            Teachin the kids.com            395.00
3999-GTKSELF   scoobydp@charter.net      Dean                  Scooby               616-777-1313            School District of Eugene, OR   395.00
3999-GTKSELF   smith1234567@charter.net  Cyntha                Smith                616-111-1234            Teachin the kids.com            395.00
3999-USRGRP    hartford@ahsd125.org      Paula                 Hartford             616-222-2345                                            195.00
3999-USRGRP    cinzoooon@ahsd125.org     Amanda                Cinzone              616-333-1234                                            195.00

Two items sold, with different data collected for each. Exported into Excel. No real transaction data is shown on this page.

Questions?
Contact info:
- PCIDSS@ctlr.msu.edu
- Twitter: @MSUPCI
- Mary Nelson: nelsonm@ctlr.msu.edu
- Gene Willacker: willacke@ctlr.msu.edu
- Sally Burns: burnssal@msu.edu
- PCISecurityStandards.org

GitLab Beta Code Repository and OAuth 2.0
Troy Murray