SlideShare a Scribd company logo

PCI Change Detection: Thinking Beyond the Checkbox

Download as PPTX, PDF
Tripwire, profile picture
Tripwire

The document outlines key security requirements and best practices for protecting cardholder data, as emphasized by Glenn Rogers and Tim Erlin. It highlights the importance of maintaining a secure network, implementing strong access control measures, and regularly monitoring security systems. Additionally, it references compliance with PCI DSS 3.2 and promotes continuous monitoring and risk reduction strategies.

Technology
1 of 14
Downloaded 47 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
PCI Change Detection: Thinking Beyond the Checkbox
Glenn Rogers CIO Girl Scouts of Northern California Tim Erlin Dir. IT Risk and Security Strategist Tripwire
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox
1: Build and Maintain a Secure Network 2: Protect Cardholder Data 3: Maintain a Vulnerability Management Program 4: Implement Strong Access Control Measures 5: Regularly Monitor and Test Networks 6: Maintain an Information Security Policy Requirement 1: Install and maintain a firewall configuration to Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 5: Protect all systems against malware and regularly update anti- virus software or programs Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 2: Do not use vendor- supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 6: Develop and maintain secure systems and applications Requirement 8: Identify and authenticate access to system components Requirement 11: Regularly test security systems and processes Requirement 9: Restrict physical access to cardholder data Validates Provides Supports
PCI Change Detection: Thinking Beyond the Checkbox
Tripwire and PCI DSS 3.2
Continuous Monitoring Risk Reduction Threat Detection and Response Operational Cost Reduction INTEGRATION AUTOM ATION CONTEXT
PCI Change Detection: Thinking Beyond the Checkbox
PCI Change Detection: Thinking Beyond the Checkbox

More Related Content

PPTX
Taking the Pain out of PCI Compliance
Tripwire
 
PPTX
Payment Card Industry Compliance Requirements
Jamal Soudi
 
PDF
DataPower as PCI
Shiu-Fun Poon
 
PPT
WE16 - Defense in Depth: Top 10 Critical Security Controls
Society of Women Engineers
 
PDF
2017 IT Control Environment for Local Gov
Donald E. Hester
 
PPTX
OWASP Nagpur Meet #4
OWASP Nagpur
 
PPTX
Network Security
Techknow Book
 
PDF
Understanding the Experian independent third party assessment (EI3PA ) requir...
Redspin, Inc.
 
Taking the Pain out of PCI Compliance
Tripwire
 
Payment Card Industry Compliance Requirements
Jamal Soudi
 
DataPower as PCI
Shiu-Fun Poon
 
WE16 - Defense in Depth: Top 10 Critical Security Controls
Society of Women Engineers
 
2017 IT Control Environment for Local Gov
Donald E. Hester
 
OWASP Nagpur Meet #4
OWASP Nagpur
 
Network Security
Techknow Book
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Redspin, Inc.
 

What's hot (20)

PPT
Security
Dr. Vardhan choubey
 
PDF
Pervasive Security Across Your Extended Network
Cisco Security
 
PPT
Security Readiness Profile
pds2k.com
 
PPTX
Security Essentials
Ashley Deuble
 
PDF
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
PDF
Brian Starr Cover Letter
Brian Starr
 
PPTX
6 Steps to Secure Network Devices
Lisa Kearney
 
PDF
Fire walls
Smit Panchal
 
PPTX
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sally's Special Services
 
PDF
Michael jarmark internet security basics
MichaelJarmark_
 
PPTX
IoT Threat Intel - Steppa
Steppa Cyber Security
 
PDF
Info and telecom_network_security
Brijesh Kumar
 
PPT
Telkom Sigma Software Security System v1
Directorate of Information Security | Ditjen Aptika
 
PDF
Midsize Business Solutions: Cybersecurity
Cisco Security
 
PDF
mcq edu03 Anju 23.pdf
ANJUMOHANANU
 
DOC
Mohammed imranuddin cv.DOC
mohammed imranuddin
 
PDF
Edu 03Anju 23 assignment.pdf
ANJUMOHANANU
 
PPTX
PCI Compliance Myths, Reality and Solutions for Retail
InDefense Security
 
PPTX
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
PDF
New VIPRE_DS_EndpointSecurity_2016
Cyd Isaak Francisco
 
Security
Dr. Vardhan choubey
 
Pervasive Security Across Your Extended Network
Cisco Security
 
Security Readiness Profile
pds2k.com
 
Security Essentials
Ashley Deuble
 
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
Brian Starr Cover Letter
Brian Starr
 
6 Steps to Secure Network Devices
Lisa Kearney
 
Fire walls
Smit Panchal
 
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sally's Special Services
 
Michael jarmark internet security basics
MichaelJarmark_
 
IoT Threat Intel - Steppa
Steppa Cyber Security
 
Info and telecom_network_security
Brijesh Kumar
 
Telkom Sigma Software Security System v1
Directorate of Information Security | Ditjen Aptika
 
Midsize Business Solutions: Cybersecurity
Cisco Security
 
mcq edu03 Anju 23.pdf
ANJUMOHANANU
 
Mohammed imranuddin cv.DOC
mohammed imranuddin
 
Edu 03Anju 23 assignment.pdf
ANJUMOHANANU
 
PCI Compliance Myths, Reality and Solutions for Retail
InDefense Security
 
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
New VIPRE_DS_EndpointSecurity_2016
Cyd Isaak Francisco
 
Ad

Viewers also liked (20)

PPTX
Leveraging Change Control for Security
Tripwire
 
PPTX
Tripwire University Boot Camp – Economy of Bad
Tripwire
 
PPTX
Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire
 
PPTX
Survival of the Fittest: How to Build a Cyber Resilient Organization
Tripwire
 
PPTX
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
Tripwire
 
PPTX
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire
 
PPTX
8 Tips on Creating a Security Culture in the Workplace
Tripwire
 
PPTX
Threat Intelligence from Honeypots for Active Defense
Tripwire
 
PPTX
"Backoff" Malware: How to Know If You're Infected
Tripwire
 
PDF
Keep Your Guard: Stay Compliant and Be Secure
Tripwire
 
PPTX
An Essential Guide to EU GDPR
Tripwire
 
PPTX
Achieving Continuous Monitoring with Security Automation
Tripwire
 
PPTX
Tripwire IP360 Vulnerability Management
Tripwire
 
PPTX
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Tripwire
 
PPTX
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Tripwire
 
PDF
How to Protect Your Organization from the Ransomware Epidemic
Tripwire
 
PPTX
Excellence in the Essentials: It's Not Whether You Implement Foundational Con...
Tripwire
 
PPTX
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Tripwire
 
PPTX
3 Success Stories on the Tripwire Enterprise Journey
Tripwire
 
PDF
Industry Insights from Infosecurity Europe 2016
Tripwire
 
Leveraging Change Control for Security
Tripwire
 
Tripwire University Boot Camp – Economy of Bad
Tripwire
 
Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield
Tripwire
 
Survival of the Fittest: How to Build a Cyber Resilient Organization
Tripwire
 
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
Tripwire
 
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire
 
8 Tips on Creating a Security Culture in the Workplace
Tripwire
 
Threat Intelligence from Honeypots for Active Defense
Tripwire
 
"Backoff" Malware: How to Know If You're Infected
Tripwire
 
Keep Your Guard: Stay Compliant and Be Secure
Tripwire
 
An Essential Guide to EU GDPR
Tripwire
 
Achieving Continuous Monitoring with Security Automation
Tripwire
 
Tripwire IP360 Vulnerability Management
Tripwire
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Tripwire
 
Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes
Tripwire
 
How to Protect Your Organization from the Ransomware Epidemic
Tripwire
 
Excellence in the Essentials: It's Not Whether You Implement Foundational Con...
Tripwire
 
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Tripwire
 
3 Success Stories on the Tripwire Enterprise Journey
Tripwire
 
Industry Insights from Infosecurity Europe 2016
Tripwire
 
Ad

Similar to PCI Change Detection: Thinking Beyond the Checkbox (20)

PDF
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
Christopher Nanchengwa
 
PPTX
Stay Ahead of Threats with Advanced Security Protection - Fortinet
MarcoTechnologies
 
PPTX
Guidelines on Cyber Security in Power Sector 2021_R.pptx
srinivascooldude58
 
DOCX
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
PPTX
Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski
 
PDF
Cisco Live Cancun PR Session
Felipe Lamus
 
PDF
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
DOCX
Performance MNIST Special Publicatio.docx
karlhennesey
 
PDF
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios
 
PPT
CCNA Security - Chapter 1
Irsandi Hasan
 
PDF
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
PDF
Cloud native patterns antipatterns
Martin Stemplinger
 
PPTX
Information security principles
Dan Morrill
 
PDF
NIST CHECKLIST by InfosecTrain.pdf InfosecTrain
infosec train
 
PDF
National Institute of Standards and Technology (NIST) checklist
priyanshamadhwal2
 
PDF
NIST Cybersecurity Framework building a checklist.pdf
infosecTrain
 
PPTX
Information Systems Policy
Ali Sadhik Shaik
 
PPT
RiskWatch for Credit Unions™
CPaschal
 
DOCX
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
alfred4lewis58146
 
PPTX
DojoSec FISMA Presentation
danphilpott
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
Christopher Nanchengwa
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
MarcoTechnologies
 
Guidelines on Cyber Security in Power Sector 2021_R.pptx
srinivascooldude58
 
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski
 
Cisco Live Cancun PR Session
Felipe Lamus
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Performance MNIST Special Publicatio.docx
karlhennesey
 
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios
 
CCNA Security - Chapter 1
Irsandi Hasan
 
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
Cloud native patterns antipatterns
Martin Stemplinger
 
Information security principles
Dan Morrill
 
NIST CHECKLIST by InfosecTrain.pdf InfosecTrain
infosec train
 
National Institute of Standards and Technology (NIST) checklist
priyanshamadhwal2
 
NIST Cybersecurity Framework building a checklist.pdf
infosecTrain
 
Information Systems Policy
Ali Sadhik Shaik
 
RiskWatch for Credit Unions™
CPaschal
 
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx
alfred4lewis58146
 
DojoSec FISMA Presentation
danphilpott
 

More from Tripwire (20)

PDF
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Tripwire
 
PDF
Data Privacy Day 2022: Tips to Ensure Data Privacy
Tripwire
 
PDF
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
PPTX
Tripwire Energy Working Group: TIV Demo
Tripwire
 
PPTX
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire
 
PPTX
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire
 
PPTX
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire
 
PPTX
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire
 
PDF
World Book Day: Cybersecurity’s Quietest Celebration
Tripwire
 
PDF
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire
 
PDF
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Tripwire
 
PDF
The Adventures of Captain Tripwire: Coloring Book!
Tripwire
 
PDF
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Tripwire
 
PDF
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
Tripwire
 
PDF
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire
 
PDF
A Look Back at 2018: The Most Memorable Cyber Moments
Tripwire
 
PPTX
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
PDF
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire
 
PPTX
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 
PPTX
Defending Critical Infrastructure Against Cyber Attacks
Tripwire
 
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Tripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Tripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
Tripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Tripwire
 
The Adventures of Captain Tripwire: Coloring Book!
Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Tripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
Tripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Tripwire
 

Recently uploaded (20)

PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
A Presentation on Artificial Intelligence
memembruh336
 

PCI Change Detection: Thinking Beyond the Checkbox

  • 2. Glenn Rogers CIO Girl Scouts of Northern California Tim Erlin Dir. IT Risk and Security Strategist Tripwire
  • 9. 1: Build and Maintain a Secure Network 2: Protect Cardholder Data 3: Maintain a Vulnerability Management Program 4: Implement Strong Access Control Measures 5: Regularly Monitor and Test Networks 6: Maintain an Information Security Policy Requirement 1: Install and maintain a firewall configuration to Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 5: Protect all systems against malware and regularly update anti- virus software or programs Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 2: Do not use vendor- supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 6: Develop and maintain secure systems and applications Requirement 8: Identify and authenticate access to system components Requirement 11: Regularly test security systems and processes Requirement 9: Restrict physical access to cardholder data Validates Provides Supports
  • 11. Tripwire and PCI DSS 3.2
  • 12. Continuous Monitoring Risk Reduction Threat Detection and Response Operational Cost Reduction INTEGRATION AUTOM ATION CONTEXT