PCI Compliance Update. Presented by: Jeff Gassaway, Information Security Officer – CISSP; Lucas Walker, Information Security Analyst – GSEC. The Way We Were. FY 2012-2013: Improved oversight and direction; Improved compliance with PCI data security standards
PCI Compliance Update
Presented by:
Jeff Gassaway, Information Security Officer – CISSP
Lucas Walker, Information Security Analyst – GSEC
The Way We Were
• FY 2012-2013
• Improved oversight and direction
• Improved compliance with PCI data security standards
• Improved campus-wide security controls
What We Did to Improve
• Brought CoalFire on site for departments with largest volume and highest risk PCI transactions.
• Established PCI mailing list to facilitate communication
• Brought PCI trainings to campus
• Created PCI Working Group
• Based on number of transactions per year
• How credit cards are being taken
• Essentially, risk to the consumer
How We Reduced Costs
• Reduced reliance on CoalFire’s services
• Shadowed CoalFire site visits and interviews
• Assisted departments in utilizing CoalFire’s tools
• Navis
• LightHouse
• PCI Working Group
• Working to develop standard solutions to meet a variety of departmental needs
• Provide guidance
• Consistency
Where We Are
• Reducing Scope and Complexity
• Clarifying PCI terms
• Bringing significant issues to PCI Working Group:
• Developing approved enterprise solutions
• Advising on business process changes
• Researching and supporting common tools and technology
• Reviewing and enhancing policies and procedures
• Cost Reduction
Where We Must Go
• Quarterly scans (internal and external) conducted
• Robust change and patch management implemented
• Everything in scope logged and reviewed daily
• Consistent policies developed
• Annual departmental policy review and trainings conducted
• No cards stored
• No non-compliance
Q&A
• Help.unm.edu
• security@unm.edu
• kmellor@unm.edu
• Policy 7215
• it.unm.edu/security