SlideShare a Scribd company logo

A systematic approach to pci compliance using rsa archer

Subhajit Bhuiya, profile picture
Subhajit Bhuiya

This document summarizes an RSA Archer webcast on PCI compliance management. It discusses the business challenges of PCI compliance, including the proliferation of credit cards and numerous entry points for credit card data theft. It outlines RSA Archer's PCI compliance management process and how its pre-configured solution provides benefits like efficiency, visibility, and scalability. It demonstrates the PCI compliance component layout in RSA Archer and how organizations can define cardholder data environments, capture evidence, and report on compliance. It provides an example of how one organization improved compliance measurement by consolidating work in RSA Archer.

BusinessTechnology
1 of 12
Downloaded 36 times
1
2
3
4
5
6
7
8
9
10
11
12
1EMC CONFIDENTIAL—INTERNAL USE ONLY RSA Archer PCI Compliance Management RSA Archer Focused Solutions Webcast Clifford Huntington – RSA Archer Product Management
2EMC CONFIDENTIAL—INTERNAL USE ONLY Business Challenges and Issues Proliferation of credit cards has increased the potential for fraudulent transactions Many parties involved in the payment process Numerous entry points for access and misuse of credit card data Failure to comply can result in fines, withdrawal from card programs, greater operational costs and potential reputational damage Costs associated with gaining & maintaining PCI compliance can be substantial Organizations have realized that PCI compliance must be a continuous assessment effort and not a point in time exercise Payment Card Industry (PCI) program has placed significant pressure on businesses to establish enterprise- grade security programs PCI Data is Both a Benefit and Liability for Organizations
3EMC CONFIDENTIAL—INTERNAL USE ONLY Storage of Personal Card Data is a Common Practice Recent Survey of Businesses in the U.S. and Europe 81% 73% 71% 57% 16% Store Payment Card Numbers Store Payment Card Expiration Dates Store Payment Card Verification Codes Store Magnetic Data from the Payment Card Magnetic Strip Store Other Personal Data Common Business Practices That Put Cardholder Data at Risk Source: Forrester Research – The State of PCI Compliance (commissioned by RSA/EMC)
4EMC CONFIDENTIAL—INTERNAL USE ONLY RSA Archer PCI Compliance Management Process ID Cardholder Data Flows Determine Scope ID & Implement Controls Gather Evidence Review Controls / Complete SAQ Remediate Complete Validation Requirements Submit Validation Requirements
5EMC CONFIDENTIAL—INTERNAL USE ONLY PCI Compliance Value Proposition Business Benefits of RSA Archer PCI Solution Pre-Configured Solution Efficiency Visibility Scalability • Jumpstart PCI Compliance Program • Pre-written Policies, Standards, Procedures & Assessments • Streamlines the compliance process • Automates assessments • Reduces test & maintenance costs • Integrates with broader RSA GRC solutions • Easily add additional solutions as business requirements grow • Real-time visibility into the state of organizational PCI compliance • Powerful executive dashboards & reports
6EMC CONFIDENTIAL—INTERNAL USE ONLY eGRC Platform Policy Management Enterprise Management Compliance Management PCI Compliance Management Cardholder Data Environments PCI Compliance Projects Reports on Compliance PCI Compliance Component Layout
7EMC CONFIDENTIAL—INTERNAL USE ONLY  Define your Cardholder Data Environment, Deploy Control Self Assessments, schedule ongoing compliance activities integrate technical compliance tools, manage issues, exceptions and remediation actions. Capture Evidence Schedule Ongoing Compliance Assessments Document Your Control Framework Report on Overall Compliance Manage Issues, Exceptions and Remediations Define your Cardholder Data Environment How We Do It
8EMC CONFIDENTIAL—INTERNAL USE ONLY Time to Prepare Compliance Metrics and Reports # PCI Requirements Met Reduced Time to Measure Compliance with New Versions # Closed Findings Cost of Regulatory Audit Fines Measuring Your Success Before we managed work in two or three places. With RSA Archer, we have one place to manage all of our work. People are completing assessments and migrating risk, not focusing on administrative tasks. “ “
9EMC CONFIDENTIAL—INTERNAL USE ONLY Product Demonstration
10EMC CONFIDENTIAL—INTERNAL USE ONLY Questions & Answers
11© Copyright 2011 EMC Corporation. All rights reserved. Upcoming RSA Archer Webcasts • Aug 8 at 11ET: ACI/AIMS/Archer/Security Analytics • Register on the RSA public website or Archer Community http://www.emc.com/campaign/global/rsa/rsa-webcast.htm • Webcast replays are also on public website or Community
12© Copyright 2011 EMC Corporation. All rights reserved. THANK YOU

More Related Content

PPTX
Rsa archer training
Global Online Trainings
 
PDF
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Rui Miguel Feio
 
PDF
ITAM Tools Day, November 2015 - ITAM Review
Martin Thompson
 
PDF
Flexera Software Tools Day 2015
Martin Thompson
 
PPTX
SAP Governance,Risk and Compliance
TLI GrowthSession
 
PPTX
Salesforce Security Review Tips and Tricks
Ryan Flood
 
PDF
081712 isaca-atl-auditing sap-grc
hkodali
 
PDF
brainwaregroup ITAM Review Tools Day Presentation 2015
Martin Thompson
 
Rsa archer training
Global Online Trainings
 
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Rui Miguel Feio
 
ITAM Tools Day, November 2015 - ITAM Review
Martin Thompson
 
Flexera Software Tools Day 2015
Martin Thompson
 
SAP Governance,Risk and Compliance
TLI GrowthSession
 
Salesforce Security Review Tips and Tricks
Ryan Flood
 
081712 isaca-atl-auditing sap-grc
hkodali
 
brainwaregroup ITAM Review Tools Day Presentation 2015
Martin Thompson
 

What's hot (20)

PDF
ITAM Tools Day, November 2015 - Concorde
Martin Thompson
 
PPTX
Pg presentation for steph
Kjohnson33
 
PDF
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
Martin Thompson
 
PDF
8MANOverview
Paul James Thompson
 
PDF
Iia los angeles sap security presentation
hkodali
 
PPTX
Ewug 1811 break the glass
Per Larsen
 
PDF
Microsoft audit defence gotchas check list
Martin Thompson
 
PPT
Isms3
aaditya
 
PPT
Isms4
aaditya
 
PDF
Are you the next sitting duck that will be moved to the Oracle Cloud as a res...
Martin Thompson
 
PPTX
Network security in Chennai
JoshuaMichael01
 
PDF
Why your works council has nothing to fear from SAP security. [Webinar]
akquinet enterprise solutions GmbH
 
PDF
Effective Cyber Security – the difference between “point in time” and “period...
akquinet enterprise solutions GmbH
 
PDF
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
akquinet enterprise solutions GmbH
 
PPTX
Identity Management: Front and Center for Healthcare Providers
Andrew Ames
 
PPTX
Quest One Identity Management Summary
Quest Software
 
PDF
SAST Authorization Management: How to integrate your SoD analysis into the SA...
akquinet enterprise solutions GmbH
 
PDF
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
akquinet enterprise solutions GmbH
 
PDF
Communication & making your ITAM strategy stick Workshop: Barbara Scott, Pres...
Martin Thompson
 
PDF
Microsoft audit defence entitlement check list
Martin Thompson
 
ITAM Tools Day, November 2015 - Concorde
Martin Thompson
 
Pg presentation for steph
Kjohnson33
 
In2SAM Audit Defence_ITAM Review Amsterdam April 2016
Martin Thompson
 
8MANOverview
Paul James Thompson
 
Iia los angeles sap security presentation
hkodali
 
Ewug 1811 break the glass
Per Larsen
 
Microsoft audit defence gotchas check list
Martin Thompson
 
Isms3
aaditya
 
Isms4
aaditya
 
Are you the next sitting duck that will be moved to the Oracle Cloud as a res...
Martin Thompson
 
Network security in Chennai
JoshuaMichael01
 
Why your works council has nothing to fear from SAP security. [Webinar]
akquinet enterprise solutions GmbH
 
Effective Cyber Security – the difference between “point in time” and “period...
akquinet enterprise solutions GmbH
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
akquinet enterprise solutions GmbH
 
Identity Management: Front and Center for Healthcare Providers
Andrew Ames
 
Quest One Identity Management Summary
Quest Software
 
SAST Authorization Management: How to integrate your SoD analysis into the SA...
akquinet enterprise solutions GmbH
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
akquinet enterprise solutions GmbH
 
Communication & making your ITAM strategy stick Workshop: Barbara Scott, Pres...
Martin Thompson
 
Microsoft audit defence entitlement check list
Martin Thompson
 
Ad

Similar to A systematic approach to pci compliance using rsa archer (20)

PDF
PCI Certification and remediation services
Tariq Juneja
 
PPT
eCommerce Summit Atlanta Mountain Media
eCommerce Merchants
 
PPT
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
Melanie Beam
 
PPT
Evolution Pci For Pod1
Amanda Squires@Pod1
 
PDF
PCI-DSS for IDRBT
Shanmugavel Sankaran
 
PDF
PCI DSS Implementation: A Five Step Guide
AlienVault
 
PPT
Indonesian e-Commerce requires Scalability, Reliability and Security to Achi...
Sutedjo Tjahjadi
 
PPTX
Educause+PCI+briefing+4-19-20162345.pptx
gealehegn
 
PDF
IT Security and Risk Management - Visionet Systems
Visionet Systems, Inc.
 
PPTX
PCI PIN Security & Key Management Compliance
ControlCase
 
PPTX
Secrets for Successful Regulatory Compliance Projects
Christopher Foot
 
PPT
Information Security Program & PCI Compliance Planning for your Business
Laura Perry
 
PDF
Tripwire PCI Customer Success Stories
LOGON Software
 
PPTX
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
PPTX
Payment card industry data security standard
sallychiu
 
PDF
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
 
PDF
Credit Card Processing for Small Business
Mark Ginnebaugh
 
PDF
Reduce PCI Scope - Maximise Conversion - Whitepaper
Shaun O'keeffe
 
PPTX
Vendor Management for PCI DSS, HIPAA, and FFIEC
ControlCase
 
PPT
PCI DSS
Duy Do Phan
 
PCI Certification and remediation services
Tariq Juneja
 
eCommerce Summit Atlanta Mountain Media
eCommerce Merchants
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
Melanie Beam
 
Evolution Pci For Pod1
Amanda Squires@Pod1
 
PCI-DSS for IDRBT
Shanmugavel Sankaran
 
PCI DSS Implementation: A Five Step Guide
AlienVault
 
Indonesian e-Commerce requires Scalability, Reliability and Security to Achi...
Sutedjo Tjahjadi
 
Educause+PCI+briefing+4-19-20162345.pptx
gealehegn
 
IT Security and Risk Management - Visionet Systems
Visionet Systems, Inc.
 
PCI PIN Security & Key Management Compliance
ControlCase
 
Secrets for Successful Regulatory Compliance Projects
Christopher Foot
 
Information Security Program & PCI Compliance Planning for your Business
Laura Perry
 
Tripwire PCI Customer Success Stories
LOGON Software
 
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
Payment card industry data security standard
sallychiu
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Jason Dover
 
Credit Card Processing for Small Business
Mark Ginnebaugh
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Shaun O'keeffe
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
ControlCase
 
PCI DSS
Duy Do Phan
 
Ad

Recently uploaded (20)

PPTX
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
DOCX
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
DOCX
Business Management - unit 1 and 2
anithak410
 
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
PDF
WRN_Investor_Presentation_August 2025.pdf
cmagee4
 
PDF
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
PPTX
5 Stages of group development guide.pptx
keerthanashanmugam201
 
PPTX
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
PDF
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
DOCX
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
PDF
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 
DOCX
unit 2 cost accounting- Tender and Quotation & Reconciliation Statement
MANJU N
 
PDF
Traveri Digital Marketing Seminar 2025 by Corey and Jessica Perlman
Corey Perlman, Social Media Speaker and Consultant
 
PDF
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PPT
Chapter four Project-Preparation material
argachewbochena1
 
PDF
IFRS Notes in your pocket for study all the time
jjj81507
 
PDF
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 
PPT
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
Business Management - unit 1 and 2
anithak410
 
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
WRN_Investor_Presentation_August 2025.pdf
cmagee4
 
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
5 Stages of group development guide.pptx
keerthanashanmugam201
 
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 
unit 2 cost accounting- Tender and Quotation & Reconciliation Statement
MANJU N
 
Traveri Digital Marketing Seminar 2025 by Corey and Jessica Perlman
Corey Perlman, Social Media Speaker and Consultant
 
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
Chapter four Project-Preparation material
argachewbochena1
 
IFRS Notes in your pocket for study all the time
jjj81507
 
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 

A systematic approach to pci compliance using rsa archer

  • 1. 1EMC CONFIDENTIAL—INTERNAL USE ONLY RSA Archer PCI Compliance Management RSA Archer Focused Solutions Webcast Clifford Huntington – RSA Archer Product Management
  • 2. 2EMC CONFIDENTIAL—INTERNAL USE ONLY Business Challenges and Issues Proliferation of credit cards has increased the potential for fraudulent transactions Many parties involved in the payment process Numerous entry points for access and misuse of credit card data Failure to comply can result in fines, withdrawal from card programs, greater operational costs and potential reputational damage Costs associated with gaining & maintaining PCI compliance can be substantial Organizations have realized that PCI compliance must be a continuous assessment effort and not a point in time exercise Payment Card Industry (PCI) program has placed significant pressure on businesses to establish enterprise- grade security programs PCI Data is Both a Benefit and Liability for Organizations
  • 3. 3EMC CONFIDENTIAL—INTERNAL USE ONLY Storage of Personal Card Data is a Common Practice Recent Survey of Businesses in the U.S. and Europe 81% 73% 71% 57% 16% Store Payment Card Numbers Store Payment Card Expiration Dates Store Payment Card Verification Codes Store Magnetic Data from the Payment Card Magnetic Strip Store Other Personal Data Common Business Practices That Put Cardholder Data at Risk Source: Forrester Research – The State of PCI Compliance (commissioned by RSA/EMC)
  • 4. 4EMC CONFIDENTIAL—INTERNAL USE ONLY RSA Archer PCI Compliance Management Process ID Cardholder Data Flows Determine Scope ID & Implement Controls Gather Evidence Review Controls / Complete SAQ Remediate Complete Validation Requirements Submit Validation Requirements
  • 5. 5EMC CONFIDENTIAL—INTERNAL USE ONLY PCI Compliance Value Proposition Business Benefits of RSA Archer PCI Solution Pre-Configured Solution Efficiency Visibility Scalability • Jumpstart PCI Compliance Program • Pre-written Policies, Standards, Procedures & Assessments • Streamlines the compliance process • Automates assessments • Reduces test & maintenance costs • Integrates with broader RSA GRC solutions • Easily add additional solutions as business requirements grow • Real-time visibility into the state of organizational PCI compliance • Powerful executive dashboards & reports
  • 6. 6EMC CONFIDENTIAL—INTERNAL USE ONLY eGRC Platform Policy Management Enterprise Management Compliance Management PCI Compliance Management Cardholder Data Environments PCI Compliance Projects Reports on Compliance PCI Compliance Component Layout
  • 7. 7EMC CONFIDENTIAL—INTERNAL USE ONLY  Define your Cardholder Data Environment, Deploy Control Self Assessments, schedule ongoing compliance activities integrate technical compliance tools, manage issues, exceptions and remediation actions. Capture Evidence Schedule Ongoing Compliance Assessments Document Your Control Framework Report on Overall Compliance Manage Issues, Exceptions and Remediations Define your Cardholder Data Environment How We Do It
  • 8. 8EMC CONFIDENTIAL—INTERNAL USE ONLY Time to Prepare Compliance Metrics and Reports # PCI Requirements Met Reduced Time to Measure Compliance with New Versions # Closed Findings Cost of Regulatory Audit Fines Measuring Your Success Before we managed work in two or three places. With RSA Archer, we have one place to manage all of our work. People are completing assessments and migrating risk, not focusing on administrative tasks. “ “
  • 9. 9EMC CONFIDENTIAL—INTERNAL USE ONLY Product Demonstration
  • 10. 10EMC CONFIDENTIAL—INTERNAL USE ONLY Questions & Answers
  • 11. 11© Copyright 2011 EMC Corporation. All rights reserved. Upcoming RSA Archer Webcasts • Aug 8 at 11ET: ACI/AIMS/Archer/Security Analytics • Register on the RSA public website or Archer Community http://www.emc.com/campaign/global/rsa/rsa-webcast.htm • Webcast replays are also on public website or Community
  • 12. 12© Copyright 2011 EMC Corporation. All rights reserved. THANK YOU