Achieving PCI-DSS Compliance with ZirMed Financial Services
Darren J. Hobbs, CPA and James S. Lacy, JD

THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS

Goals and PCI-DSS Requirements

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security

Notes
[1] Bureau of Justice Statistics: Identity Theft Series, November 30, 2011.
[2] Identity Theft Resource Center. 2007 Data Breach Stats.

ZirMed Performance Series: Achieving PCI-DSS Compliance with ZirMed Financial Services

THE COSTS OF NON-COMPLIANCE

Data Breach Cost Per Exposed Record [4]
  Direct Incremental Costs          $54
  Indirect Productivity Costs       $30
  Customer Opportunity Costs        $98
  Total Cost Per Exposed Record    $182

PCI-DSS FOR HEALTHCARE PROVIDERS

Notes
[4] Ponemon Institute, LLC. 2006 Annual Cost Study: Cost of a Data Breach.
[5] Hines, Matt. "Bottom line impact of data breaches unclear." InfoWorld, April 2007.
[6] Baum, Neil and Gretchen Henkel. Marketing Your Clinical Practice, Third Edition. Jones and Bartlett Publishers, Inc., 2004.

ZIRMED: YOUR SOLUTION TO PCI-DSS COMPLIANCE

Questions (answer Yes or No):
  1. Is access to cardholder data limited to those individuals whose jobs require such access?
  2. Does your system prevent storage of the full magnetic stripe contents and card verification values?
  3. Are all pieces of paper with cardholder information cross-cut shredded, incinerated, or pulped when no longer needed?
  4. Do you have a formal security awareness program in place which addresses cardholder data?
  5. Have you established, published, maintained, and disseminated an information security policy?

If you answered No to any of the questions, or if you were unsure of the answer, your business may not be in compliance with PCI-DSS. For more information, or to view the complete Self-Assessment Questionnaire, please visit www.pcisecuritystandards.org.

Notes
[7] Rothke, Ben. "The Smart Approach to PCI-DSS Compliance." Braintree Payment Solutions.
[8] Verizon Business Risk Team. 2008 Data Breach Investigations Report.

Disaster Plan Essentials

To be compliant with PCI-DSS, all merchants must have an information security policy and disaster recovery plan in place. The disaster recovery planning process should include the following elements:

  - Notify senior management
  - Contact and establish a disaster recovery team
  - Determine the degree of disaster/breach
  - Review the PCI-DSS regulations related to disclosures and reporting, along with state and federal laws and regulations
  - Evaluate whether the disaster also affected HIPAA, Gramm-Leach-Bliley or other privacy and security laws
  - Implement the proper recovery plan dependent on the extent of the disaster
  - Monitor progress
  - Inform all necessary personnel
  - Notify vendors, banks, auditors, lawyers, etc.
  - Create a follow-up checklist and monitoring

CONCLUSIONS

PCI-DSS Requirements and ZirMed coverage
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Key
  = ZirMed addresses all requirements
  = ZirMed addresses most, but not all, requirements

About ZirMed

Copyright © 2011 ZirMed, Inc. All rights reserved.
www.zirmed.com
(877) 494-1032