Auditor

Solo disponible en BuenasTareas
  • Páginas : 32 (7922 palabras )
  • Descarga(s) : 0
  • Publicado : 27 de febrero de 2012
Leer documento completo
Vista previa del texto
Interested in learning more about security?

SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

PCI DSS and Incident Handling: What is required before, during and after an incident
There is no perfect security; PCI DSS certified companies should be prepared to handle security incidents.Copyright SANS Institute Author Retains Full Rights

AD

PCI DSS and Incident Handling

PCI DSS and Incident Handling What is required before, during and Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 after GCIH Gold Certification

09 ,

Au

tho

rr

eta

ins
an Incident

SA

NS

©

Ins titu

Christian_moldes@hotmail.com

Adviser: Dominicus Adriyanto

te

Author: Christian J.Moldes

Accepted: February 27, 2009

© SANS Institute 2009,

As part of the Information Security Reading Room

20

ful l
Author retains full rights.

rig

hts

.

PCI DSS and Incident Handling

Outline

1. 2. 2.1. 3. 4. 4.1. 4.2 5. 5.1. 6.

Introduction ................................................... 4 PCI Security Standards Council and PCI DSS ............... 5

Incident HandlingPhases..................................... 7 Preparation Phase ............................................. 7

Processes that Should Be in Place ......................... 16 Identification and Containment Phases .................... 18

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

Eradication and Recovery phases ........................... 21

6.1. 6.2. 6.3. 7. 7.1. 8. 9.

ForensicInvestigations and Audits........................ 21 Failing to Report an Incident.............................. 23

NS

10.

©

SA

Appendix A: Requirements Matrix ..................................... 29 Appendix B: Payment Card References ................................ 31 Acknowledgments ........................................................ 32
1

Christian J. Moldes, CISM, CISSP, CISA, PCIQSA, PA QSA, GIAC GCIH

Ins titu

Lessons Learned Phase ....................................... 23 General Recommendations ..................................... 24 The Cost of a Security Breach.............................. 25 Additional Payment Card Brands Consequences ............. 26

How the Payment Card Companies Determine Liability .... 27

te

© SANS Institute 2009,

As part of theInformation Security Reading Room

20

Reporting the Incident ...................................... 21

09 ,

Common Attack Vectors ....................................... 20

Au

tho

Required Documentation ....................................... 8

rr

eta

Is PCI DSS enough to avoid being breached? ............... 5

ins

ful l

Abstract .................................................................3

rig
Author retains full rights.

hts

.

PCI DSS and Incident Handling

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

©

SA

NS

Ins titu

te

20

09 ,

Au

tho

rr

eta

ins

ful l
Christian J. Moldes, CISM, CISSP, CISA, PCI QSA, PA QSA, GIAC GCIH 2

© SANS Institute 2009,

As part of the Information Security Reading Room

rig

References.............................................................. 33

hts

Author retains full rights.

.

PCI DSS and Incident Handling

PCI DSS requires companies to comply with a set of specific requirements whenever they process, transmit or store payment card transactions. Every year companies have to demonstrate compliance, and renew their certification; breaches. however, many

ins
of for

ful l
them status,

rigAbstract

suffering

security

Regardless

their

companies should be prepared to deal with a cardholder data breach. PCI DSS does not provide specific guidelines on how to handle a security breach. Each payment card brand has its own policies and

compromised organization that does not follow the payment brands’

itself to hefty fines and the risk of losing the authorization to
Key fingerprint = AF19...
tracking img