How to Achieve PCI Compliance with an Enterprise Job Scheduler
TRANSCRIPT
© HelpSystems. Company Confidential.
All trademarks and registered trademarks contained herein are the property of their respective owners.
© HelpSystems 3/9/2015
Pat Cameron, Director of Automation Technology
Compliance and Automation
Robin Tatam, CISM, Director of Security Technologies
Today’s Agenda
• PCI Security Standards
– What is PCI?
– PCI Requirements
• Job Scheduler
– How can automation help?
– Secure systems
– Documentation
– System availability
Overview of PCI
• What is PCI DSS?
– Payment Card Industry (PCI) Data Security Standard (DSS)
• Developed to encourage and enhance cardholder data security
• Facilitates the broad adoption of consistent data security measures globally
– PCI DSS Requirements & Security Assessment Procedures
• Uses the 12 PCI DSS requirements as its foundation
• Combines them with corresponding testing procedures
– Designed for use by assessors conducting on-site reviews for:
• Merchants
• Service providers
Who must comply with PCI DSS?
• Each card-issuing brand has its own set of validation & reporting requirements:
– Any entity that stores, processes, and/or transmits cardholder data must comply with PCI DSS
– Entities may include but are not limited to:
• Merchants
• Service providers
PCI = 3yr Lifecycle
KEY DATES [timeline figure; labels recovered from the slide: JANUARY 1, ALL YEAR, NOVEMBER, DECEMBER 31, APRIL-AUGUST, NOVEMBER-APRIL, MAY-JULY, NOVEMBER]
Best practices for v3 become requirements June 2015
The 12 Requirements of PCI DSS
• Build and Maintain a Secure Network
– 1. Install and maintain a firewall configuration to protect cardholder data
– 2. Do not use vendor-supplied defaults for system passwords and other security parameters
• Protect Cardholder Data
– 3. Protect stored cardholder data
– 4. Encrypt transmission of cardholder data across open, public networks
• Maintain a Vulnerability Management Program
– 5. Use and regularly update anti-virus software or programs
– 6. Develop and maintain secure systems and applications
• Implement Strong Access Control Measures
– 7. Restrict access to cardholder data by business need-to-know
– 8. Assign a unique ID to each person with computer access
– 9. Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
– 10. Track and monitor all access to network resources and cardholder data
– 11. Regularly test security systems and processes
• Maintain an Information Security Policy
– 12. Maintain a policy that addresses information security for all personnel
Requirement #6
• Develop and maintain secure systems and applications
– Change control
– Development and test separate from production
– Control access to production systems
– Database replication for disaster recovery
Requirement #6 (product screenshots)
– Control access to production systems
– High Availability option
Requirement #7
• Restrict access to cardholder data by business need-to-know
– Limit access to system components and cardholder data
– Establish access control for systems with multiple users
Requirement #7 (product screenshots)
– Limit access to system components
– Limit access for multiple users
Requirement #10
• Track and monitor all access to network resources and cardholder data
– Audit history trail
– Exception reports
• Job history
• Job monitors
• Agent event history
– Archive logs
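Requirements #7 and #10 above describe what a scheduler has to enforce (need-to-know access for multiple users) and record (an audit trail, exception reports, archived logs). The Python below is an added illustration, not HelpSystems code and not a description of how its scheduler is built: it authorizes scheduler actions against a role model, writes every decision to a hash-chained audit trail, derives an exception report from that job history, and computes a digest to store with the archived log. All user IDs, roles, job names and timestamps are constructed sample data.

```python
import hashlib
import json

# Constructed role model: which scheduler actions each role may perform
# (Requirement #7: limit access by business need-to-know).
ROLE_PERMISSIONS = {
    "operator": {"run_job", "view_history"},
    "scheduler_admin": {"run_job", "view_history", "edit_job", "promote_to_prod"},
    "auditor": {"view_history"},
}

# Constructed user-to-role assignments; every person has a unique ID
# rather than a shared account.
USER_ROLES = {"pcameron": "scheduler_admin", "rtatam": "auditor", "nightops": "operator"}

GENESIS = "0" * 64


class AuditTrail:
    """Append-only, hash-chained audit history (Requirement #10). Each record
    carries the SHA-256 of the previous record, so editing or deleting any
    record after the fact is detected by verify()."""

    def __init__(self):
        self.records = []
        self._prev_hash = GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, **fields):
        body = dict(fields, prev_hash=self._prev_hash)
        record = dict(body, hash=self._digest(body))
        self.records.append(record)
        self._prev_hash = record["hash"]
        return record

    def verify(self):
        prev = GENESIS
        for record in self.records:
            body = {k: v for k, v in record.items() if k != "hash"}
            if body["prev_hash"] != prev or self._digest(body) != record["hash"]:
                return False
            prev = record["hash"]
        return True


def authorize(trail, user, action, job, timestamp):
    """Decide whether `user` may perform `action` on `job`, and record the
    decision either way; denials are the audit events an assessor looks for."""
    role = USER_ROLES.get(user)
    allowed = role is not None and action in ROLE_PERMISSIONS[role]
    trail.append(ts=timestamp, user=user, role=role, action=action, job=job,
                 outcome="ALLOWED" if allowed else "DENIED")
    return allowed


def exception_report(trail):
    """Exception report over the job history: denied attempts plus production
    promotions, which are change-control events (Requirement #6)."""
    return [r for r in trail.records
            if r["outcome"] == "DENIED" or r["action"] == "promote_to_prod"]


def archive_digest(trail):
    """Digest to store with the archived log; re-hashing the archive later and
    comparing shows whether it is still the log that was written."""
    return hashlib.sha256("\n".join(r["hash"] for r in trail.records).encode()).hexdigest()


def run_sample():
    """Constructed sequence of scheduler actions on one business day."""
    trail = AuditTrail()
    events = [
        ("nightops", "run_job", "PAYROLL_EXTRACT", "2015-03-09T02:00:00Z"),
        ("rtatam", "edit_job", "CARD_SETTLEMENT", "2015-03-09T09:15:00Z"),
        ("pcameron", "promote_to_prod", "CARD_SETTLEMENT", "2015-03-09T10:30:00Z"),
        ("svc_unknown", "run_job", "CARD_SETTLEMENT", "2015-03-09T11:00:00Z"),
    ]
    decisions = [authorize(trail, *event) for event in events]
    return trail, decisions, exception_report(trail)


if __name__ == "__main__":
    trail, decisions, report = run_sample()
    print("decisions:", decisions)
    print("exceptions:", [(r["user"], r["action"], r["outcome"]) for r in report])
    print("chain intact:", trail.verify(), "archive digest:", archive_digest(trail))
```

The auditor role can read history but not change jobs, the unknown service ID is denied outright, and the one production promotion shows up in the exception report even though it was allowed, because change-control events need review regardless of outcome. Run `verify()` on the trail before archiving and compare the stored digest against a re-hash of the archive when the log is later retrieved.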
Requirement #12
• Maintain a policy that addresses information security
– Documentation
– Role security
– Audit
– Reporting
– Exceptions
800-328-1000 or +1 952-933-0609
www.helpsystems.com
Thank you for joining us!