PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan

Post on 15-Jul-2015

“Total Global Impact of CyberCrime US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.” - Europol Serious & Organised Threat Assessment 2013

IT security is no longer a trivial issue and is now becoming part of a company’s boardroom discussion

PCI DSS 3.0

How Secure Is Your Cardholder Data?

How To Protect

Identify & Value Key Assets

Recommendation: Have meetings with Application Developers, Networking and Security teams to understand and document current state and communicate expectations. Use some type of discovery tool to aid your inventory work.

Recommendation: Vulnerability scanning and security configuration assessments can validate mitigations. Tripwire’s solutions produce audit-ready reporting, including a special PCI 3.0 Reporting Pak we have available to our Log Center customers.

Recommendation: Centrally manage (discover, monitor, report, log) on your wireless infrastructure to get visibility early for PCI (ASV)

Monitor & Respond

Recommendation: Work across development and IT operations to clearly define access rights based on consistent roles and business purpose. Divide the work into business units for clearer ownership as well as executive support.

Ponemon Risk-Based Security - Only 34% of the retail sector measure the reduction in access and authentication violations to assess risk management efforts

Verizon’s 2014 PCI Compliance Report shows that 64.4% of accounts with access to cardholder data failed to restrict access to just one user, limiting traceability and increasing security risk.

Security Awareness Training

95% of Breaches Were Due to “Human Error” - IBM

90% of Malware Requires Human Interaction - Symantec

100% of Successful Attacks Compromised The Human - Mandiant

64% of Orgs See Security Awareness As a Challenge - E&Y 2010

3 times as many breaches are caused by accidental insider activity than malicious intent - Open Security Foundation

The Human Element

How Secure Is Your Provider?

Business Context – connect your security efforts to what matters to your business

Security Automation – apply intelligence and drive automation for more effective operations

Enterprise Integration – across our portfolio and also with other security ecosystem partner solutions

http://www.tripwire.com/securescan/

tripwire.com | @TripwireInc

@BrianHonan
