PCI Compliance – What’s the buzz?…
Neira Jones
Head of Payment Security, Barclaycard
23rd March 2011
Headlines…
• 18th October 2010: the UK Government published their National Security
  Strategy.
   – This placed "Hostile attacks upon UK Cyberspace by other states and large scale
     cyber crime" at the same level as International Terrorism, and International Military
     threats.
• The Olympics are a target: In 2008, Beijing suffered 12 million cyber attacks per
  day.
   – These games ran (!) for 16 days: total number of attacks = 192 million.
   – The number of Internet users was estimated at 1.9 billion in June 2010*, a 23%
     increase since 2008.
   – As the number of internet users increases, a far larger attack statistic in 2012 is likely.
• A study by Cisco Systems (December 2010), projected that almost 12% of all
  enterprise workloads will run in the public cloud by the end of 2013.

* Source: Miniwatts Marketing Group, 2010
Cloud Computing

•   2010: the Year Of The Cloud (Salesforce.com, IBM, Google, Microsoft, Oracle,
    Amazon, Rackspace, Dell and others)
•   The key opportunity for service providers is to differentiate themselves by becoming
    cloud service providers.
•   Perceived key benefits for organisations considering a move to the cloud:
     –   reduce capital costs
     –   become more agile by divesting infrastructure and application management to concentrate on
         core competencies.
     –   opportunity to re-architect older applications and infrastructure to meet or exceed modern
         security requirements.
•   Key issues for organisations when determining migration decisions:
     –   security and control
     –   data-centre overcapacity and scale
     –   availability of skilled IT people.
The digital era…

•   By 2015 there will be more interconnected devices on the planet
    than humans.*
•   What’s mobile? What do I need to do?
•   The most recent figures estimated that every year in the UK,
    identity fraud costs more than £2.7 billion and affects over 1.8
    million people*.
•   Every year, we share more of ourselves online.
•   Each time we do this, we place our data and our faith in the
    security measures taken by those managing it on our behalf


* UK National Security Strategy, October 2010
** National Fraud Authority, October 2010
Fraud news (UK)…
☺ Debit and credit card fraud fell by nearly £75M in 2010 to the lowest level for a decade.
   – Crooks still got away with £1million/day.
☺ This represents a 17% drop to £365M.
   – Compared to a 28% fall in 2009.
☺ Phone, internet and mail-order fraud (Card Not Present) fell 15%.
   – Compared to a 19% drop in 2009. CNP fraud remains by far the biggest category.

“While another drop in fraud is good news, the crooks haven’t shut up shop, which is
why there can be no room for complacency from the industry, shops or consumers.”
DCI Paul Barnard, Head of the Dedicated Cheque and Plastic Crime Unit
The challenges…

•   Cloud computing
•   Mobile infrastructure
•   Third parties
•   Governance or compliance?
•   Risk management
Cloudy out there…
Moving to the Cloud?...

•   Use the Cloud Computing Reference Model provided by NIST.
     – ask cloud services providers to disclose their security controls
     – ask cloud services providers to disclose how these controls are
       implemented to the “consuming” organisation
     – “consuming” organisations will need to know which controls are
       needed to maintain the security of their information.
•   This is a vital step as it is critical that a cloud service is classified
    against the cloud architecture model, then against the security
    architecture, and then against the business, regulatory and
    other compliance requirements.
NIST Cloud Reference Model
Layers of the reference model, top to bottom, grouped by the service model that delivers them (the slide’s stack diagram, flattened):
Software as a Service (SaaS)
   – Presentation
   – APIs
   – Applications
   – Information (Data, Metadata, Content)
Platform as a Service (PaaS)
   – Integration & Middleware
   – APIs
Infrastructure as a Service (IaaS)
   – Core Connectivity & Delivery
   – Abstraction
   – Hardware
   – Facilities

• Software as a Service (SaaS)
   – Sits on top of IaaS and PaaS stacks
   – Self-contained operating environment to deliver the entire user experience
• Platform as a Service (PaaS)
   – Sits on top of IaaS
   – Additional integration layer with application development frameworks
   – Middleware
   – Programming languages and tools supported by the stack
   – Functions allowing developers to build applications on the platform
• Infrastructure as a Service (IaaS)
   – Lowest level infrastructure resource stack
   – Capability to abstract resources (or not)
   – Physical and logical connectivity to those resources
   – Provides a set of APIs which allows “consumers” to interact with the infrastructure.
Cloud Computing and security
Cloud Computing isn’t necessarily more or less secure than your current environment.



•   Does the risk of moving sensitive data and applications to an emerging infrastructure
    exceed your tolerance levels?
•   The limitations on cloud computing growth will include the following issues:
     –   Data custody
     –   Control
     –   Security
     –   Privacy
     –   Jurisdiction
     –   Portability standards for data and code
•   Adopting cloud computing is a complex decision involving many factors: desktop
    applications, e-mail, collaboration, enterprise resource planning and potentially any
    application.
•   The key consideration for a security architecture is that the lower down the SPI stack the
    cloud service provider stops, the more organisations will be responsible themselves for
    managing the risk to their assets.
Control & risk management
What degree of control and risk management will the organisation have for
each of the cloud service models?

[Figure: SaaS / PaaS / IaaS stack]

•   Whilst the risk assessment depends on the “where” and “how” of
    the assets, it also depends on the following:
     –   The types of assets being managed
     –   Who manages them and how
     –   Which controls are selected and why
     –   What compliance issues need to be considered
•   Consideration should be made for risk mitigation in each of the SPI
    tiers (SaaS, PaaS, IaaS) and compliance/regulatory requirements
    should be considered (e.g. PCI DSS, FSA, SOX, etc.).
Find the gaps…
Find the gaps! The slide maps each layer of the Cloud Reference Model onto the Security Control Model and then onto the Compliance Model (three-column diagram, flattened):
•   Cloud Reference Model (SaaS, PaaS and IaaS layers): Presentation; APIs; Applications;
    Information (Data, Metadata, Content); Integration & Middleware; APIs;
    Core Connectivity & Delivery; Abstraction; Hardware; Facilities.
•   Security Control Model: Applications; Information; Management; Network;
    Trusted computing; Compute & Storage; Physical.
•   Compliance Model: DDA; FSA; PCI DSS; ISO 27002; DPA; SOX.
Who does what?
The lower down the stack the cloud service provider stops, the more security capabilities and
management “consuming” organisations are responsible for implementing & managing themselves.

IaaS
•   Provider responsible for securing the underlying infrastructure and abstraction layers.
•   “Consuming” organisation will be responsible for the security of the remainder of the stack.
PaaS
•   Provider responsible for the security of the platform.
•   “Consuming” organisations responsible for
     – securing applications developed against the platform
     – developing applications securely (e.g. OWASP Top 10).
SaaS
•   Provider bears the responsibility for security.
•   Security controls and their scope are negotiated in the service contracts (SLAs,
    privacy, compliance, liability etc.).
Evaluate cloud service providers

•   Evaluating the risk for potential cloud service providers is a
    challenge:
     – ask cloud services providers to disclose their security controls
     – ask cloud services providers to disclose how these controls are
       implemented to the “consuming” organisation
     – “consuming” organisations will need to know which controls are
       needed to maintain the security of their information.
•   This is a vital step as it is critical that a cloud service is classified
    against the cloud architecture model, then against the security
    architecture, and then against the business, regulatory and
    other compliance requirements.
For further reading, see http://www.cloudsecurityalliance.org/Research.html
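The “Who does what?” split and the “Find the gaps” mapping can be worked through mechanically: decide, per reference-model layer, whether the provider or the consuming organisation owns the controls at that layer for the SPI tier being bought, then check each compliance-driven control against what the provider has disclosed and what the organisation has implemented. The script below is an added illustration, not Barclaycard’s or NIST’s code; the layer-to-tier table follows the slide, while the control list, PCI DSS requirement references and the provider’s disclosure are constructed sample inputs.

```python
from dataclasses import dataclass

# Reference-model layers (top to bottom, as on the slides), each tagged with
# the SPI tier whose provider delivers it. The two "APIs" layers on the
# diagram are named by their tier so the keys stay distinct.
LAYER_MODEL = {
    "Presentation": "SaaS",
    "Application APIs": "SaaS",
    "Applications": "SaaS",
    "Information": "SaaS",
    "Integration & Middleware": "PaaS",
    "Platform APIs": "PaaS",
    "Core Connectivity & Delivery": "IaaS",
    "Abstraction": "IaaS",
    "Hardware": "IaaS",
    "Facilities": "IaaS",
}
# Higher rank = the provider stops higher up the stack.
RANK = {"IaaS": 0, "PaaS": 1, "SaaS": 2}


@dataclass(frozen=True)
class Control:
    name: str    # security control taken from the compliance model
    layer: str   # reference-model layer the control protects
    source: str  # standard or regulation that demands it


def owner(layer: str, service_model: str) -> str:
    """Who implements controls at `layer` when buying `service_model`.

    The provider owns every layer at or below the tier it sells; the
    consuming organisation owns the remainder of the stack.
    """
    if service_model not in RANK:
        raise ValueError(f"unknown service model: {service_model}")
    return "provider" if RANK[LAYER_MODEL[layer]] <= RANK[service_model] else "consumer"


def find_gaps(service_model, required, provider_disclosed, consumer_implemented):
    """Split required controls by owner and flag those nobody covers.

    provider_gaps -> provider-owned controls missing from its disclosure:
                     resolve contractually (SLA, evidence, right to audit)
    consumer_gaps -> controls the consuming organisation must still build
    """
    report = {"provider_gaps": [], "consumer_gaps": [], "covered": []}
    for ctl in required:
        who = owner(ctl.layer, service_model)
        done = ctl.name in (provider_disclosed if who == "provider" else consumer_implemented)
        report["covered" if done else f"{who}_gaps"].append(ctl.name)
    return report


# Constructed sample inputs (not from the deck): a handful of PCI DSS-driven
# controls mapped onto reference-model layers.
REQUIRED = [
    Control("Physical access restrictions", "Facilities", "PCI DSS Req. 9"),
    Control("Network segmentation and firewalls", "Core Connectivity & Delivery", "PCI DSS Req. 1"),
    Control("Patched and hardened platform", "Integration & Middleware", "PCI DSS Req. 6"),
    Control("Secure application development (OWASP Top 10)", "Applications", "PCI DSS Req. 6"),
    Control("Protection of stored cardholder data", "Information", "PCI DSS Req. 3"),
    Control("Audit trail of access to cardholder data", "Applications", "PCI DSS Req. 10"),
]
# What a hypothetical provider states in its security disclosure.
PROVIDER_DISCLOSED = {
    "Physical access restrictions",
    "Network segmentation and firewalls",
    "Patched and hardened platform",
}
# What the consuming organisation has already put in place itself.
CONSUMER_IMPLEMENTED = {
    "Secure application development (OWASP Top 10)",
    "Audit trail of access to cardholder data",
}


def sample_report(service_model: str) -> dict:
    """Gap report for the constructed sample under one SPI tier."""
    return find_gaps(service_model, REQUIRED, PROVIDER_DISCLOSED, CONSUMER_IMPLEMENTED)


if __name__ == "__main__":
    # Moving down the stack (SaaS -> IaaS) moves gaps from the contract
    # column into the consuming organisation's own to-do list.
    for model in ("SaaS", "PaaS", "IaaS"):
        print(model, sample_report(model))
```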
On the move with mobile…
What’s mobile? What do I need to do?
What does a mobile security policy look like? How do I enforce it?
• Full-featured mobile phones with functionality similar to personal
  computers, or “smartphones”
• Laptops, netbooks, tablet computers & Portable Digital Assistants
  (PDAs)
• Portable USB devices for storage (such as “thumb drives” and MP3
  devices) and for connectivity (such as Wi-Fi, Bluetooth and
  HSDPA/UMTS/EDGE/GPRS modem cards)
• Digital cameras
• Radio frequency identification (RFID) and mobile RFID (M-RFID)
  devices for data storage, identification and asset management
• Infrared-enabled (IrDA) devices (printers, smart cards, etc.)
It’s all about risk…
What’s the buzz?

• Visa TIP program promotes a risk-based approach.
• The banks want merchants to take a risk-based approach.
• The merchants want to take a risk-based approach.
• The PCI SSC has ‘blessed’ the adoption of a risk-based approach.
At the end of the day, what we all want is to stop sensitive information being
exploited by fraudsters.
The era of compliance for compliance’s sake is drawing to an end.
Barclaycard’s top ten tips
Prepare for change
1. Don’t treat PCI DSS as an IT project: it is a Change Programme and needs organisational
   commitment.
2. Train staff at all levels (there will be various degrees of training, and don’t forget Board
   and Exco) and embed an Information Security culture within your organisation early.
3. Scope: Understand how card payments are currently processed (people, process and
   technology). Reduce the scope of the cardholder environment (the smaller, the easier).
4. There will be quick wins derived by reviewing and changing business processes and
   historical practices that require little investment. If you don’t need cardholder
   information, don’t have it…
5. Develop a gap analysis between current practices and what is necessary to become
   PCI DSS compliant. The gap analysis and cardholder data flow mapping is the most
   important step (and this should be refreshed periodically - once a year is advised).
Reduce Risk
6. Remove sensitive authentication data (SAD) storage as the topmost priority.
7. Prioritise Risk: once SAD storage is addressed, look at vulnerabilities in the Card Not
   Present environment (e-commerce and Mail Order/Telephone Order). (This tip is for
   markets that have implemented EMV in their F2F channel).
8. Outsource to compliant third parties where possible: in the e-comm space, Level 1
   PCI DSS compliant end-to-end e-comm Software as a Service (SaaS) is increasingly seen
   as a means of achieving compliance quicker & maximising RoI. And if not possible, tie
   down third parties (contractually).
9. Assess suitability of and implement risk mitigation technologies (e.g. Verified by Visa,
   Secure Code, tokenisation, point-to-point encryption, etc.); whilst these are not PCI DSS
   requirements, they will improve security and reduce risk.
10. If Compensating Controls are required ensure that all parties are engaged to agree the
    controls before implementation (merchant, QSA, acquirers).
Third parties: do I have a choice?
How organisations can select service providers



For those who outsource…
•    324 (UK) and 900 (US) Level 1 PCI DSS compliant service providers listed on Visa websites
    http://www.visaeurope.com/en/businesses__retailers/payment_security/downloads__resources.aspx
    http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf
•   867 Level 1 PCI DSS compliant service providers listed on MasterCard website
    http://www.mastercard.com/us/sdp/assets/pdf/Compliant%20Service%20Providers%20-%20November%2029%202010.pdf
For those who want to retain control in-house…
•    724 PA DSS validated payment applications on PCI SSC website
    https://www.pcisecuritystandards.org/approved_companies_providers/validated_payment_applications.php?agree=true
Barclaycard’s position…
•   We always recommend that our customers use Level 1 Service providers as self-assessment does not
    provide you with an independent assessment of your supplier.
•   Contractual provisions are crucial.
•   Merchants should seek help from their acquiring bank when facing problems with third party providers
    as a merchant cannot reach compliance without their third parties being compliant.
neira.jones@barclaycard.co.uk

http://uk.linkedin.com/pub/neira-jones/0/7a5/140

Twitter: neirajones

 
USAREUR Cloud Computing Training Class Presentation Heidelberg 1
USAREUR Cloud Computing Training Class Presentation Heidelberg 1USAREUR Cloud Computing Training Class Presentation Heidelberg 1
USAREUR Cloud Computing Training Class Presentation Heidelberg 1GovCloud Network
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudnooralmousa
 
It integration strategy : Example - Approach
It integration strategy : Example - ApproachIt integration strategy : Example - Approach
It integration strategy : Example - ApproachAkshyadeep Raghav
 

Similar a Sc World Congress Econference March 2011 (20)

20090921 Risacher To Ncoic Cloud Storefront
20090921 Risacher To Ncoic Cloud Storefront20090921 Risacher To Ncoic Cloud Storefront
20090921 Risacher To Ncoic Cloud Storefront
 
Cloud computing 101
Cloud computing 101Cloud computing 101
Cloud computing 101
 
Redefining cloud computing again linthicum with bonus
Redefining cloud computing again linthicum with bonusRedefining cloud computing again linthicum with bonus
Redefining cloud computing again linthicum with bonus
 
Vendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaSVendor Landscape: Cloud IaaS
Vendor Landscape: Cloud IaaS
 
Capacity Management in a Cloud Computing World
Capacity Management in a Cloud Computing WorldCapacity Management in a Cloud Computing World
Capacity Management in a Cloud Computing World
 
Managing Your Cloud with Confidence - Mark Rivington, n•fluence 2012
Managing Your Cloud with Confidence - Mark Rivington, n•fluence 2012Managing Your Cloud with Confidence - Mark Rivington, n•fluence 2012
Managing Your Cloud with Confidence - Mark Rivington, n•fluence 2012
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - ChandnaCloud Computing - Jan 2011 - Chandna
Cloud Computing - Jan 2011 - Chandna
 
Future of cloud computing linthicum 2
Future of cloud computing linthicum 2Future of cloud computing linthicum 2
Future of cloud computing linthicum 2
 
describing-the-significant-use-of-cloud-computing-service-models-cuneiform
describing-the-significant-use-of-cloud-computing-service-models-cuneiformdescribing-the-significant-use-of-cloud-computing-service-models-cuneiform
describing-the-significant-use-of-cloud-computing-service-models-cuneiform
 
CLOUD ARCHITECTURE AND SERVICES.pptx
CLOUD ARCHITECTURE AND SERVICES.pptxCLOUD ARCHITECTURE AND SERVICES.pptx
CLOUD ARCHITECTURE AND SERVICES.pptx
 
NJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paperNJVC-Virtual Global PaaS white paper
NJVC-Virtual Global PaaS white paper
 
The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.The Enterprise Cloud: Immediate. Urgent. Inevitable.
The Enterprise Cloud: Immediate. Urgent. Inevitable.
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies ppt
 
USAREUR Cloud Computing Training Class Presentation Heidelberg 1
USAREUR Cloud Computing Training Class Presentation Heidelberg 1USAREUR Cloud Computing Training Class Presentation Heidelberg 1
USAREUR Cloud Computing Training Class Presentation Heidelberg 1
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud Computing
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloud
 
It integration strategy : Example - Approach
It integration strategy : Example - ApproachIt integration strategy : Example - Approach
It integration strategy : Example - Approach
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 

Más de Neira Jones

Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourtNeira Jones
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Neira Jones
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementNeira Jones
 
Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Neira Jones
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Neira Jones
 

Más de Neira Jones (6)

Accourt press release neira jones joins accourt
Accourt press release neira jones joins accourtAccourt press release neira jones joins accourt
Accourt press release neira jones joins accourt
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
 
Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012Visa Security Logging Factsheet June 2012
Visa Security Logging Factsheet June 2012
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk Management
 
Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11Mobile Practices European Release Final 27 04 11
Mobile Practices European Release Final 27 04 11
 
Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11Barclaycard Payment Security Newsletter Jan11
Barclaycard Payment Security Newsletter Jan11
 

Último

Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 

Último (20)

Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 

Sc World Congress Econference March 2011

1. PCI Compliance – What’s the buzz?…
   Neira Jones, Head of Payment Security, Barclaycard
   23rd March 2011

2. Headlines…
   • 18th October 2010: the UK Government published their National Security Strategy.
     – This placed "Hostile attacks upon UK Cyberspace by other states and large scale cyber crime" at the same level as International Terrorism and International Military threats.
   • The Olympics are a target: in 2008, Beijing suffered 12 million cyber attacks per day.
     – These games ran (!) for 16 days: total number of attacks = 192 million.
     – The number of Internet users was estimated at 1.9 billion in June 2010*, a 23% increase since 2008.
     – As the number of Internet users increases, a far larger attack statistic in 2012 is likely.
   • A study by Cisco Systems (December 2010) projected that almost 12% of all enterprise workloads will run in the public cloud by the end of 2013.
   * Source: Miniwatts Marketing Group, 2010

3. Cloud Computing
   • 2010: the Year Of The Cloud (Salesforce.com, IBM, Google, Microsoft, Oracle, Amazon, Rackspace, Dell and others).
   • The key opportunity for service providers is to differentiate themselves by becoming cloud service providers.
   • Perceived key benefits for organisations considering a move to the cloud:
     – reduce capital costs
     – become more agile by divesting infrastructure and application management to concentrate on core competencies
     – opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements.
   • Key issues for organisations when determining migration decisions:
     – security and control
     – data-centre overcapacity and scale
     – availability of skilled IT people.

4. The digital era…
   • By 2015 there will be more interconnected devices on the planet than humans.*
   • What’s mobile? What do I need to do?
   • The most recent figures estimated that every year in the UK, identity fraud costs more than £2.7 billion and affects over 1.8 million people.**
   • Every year, we share more of ourselves online.
   • Each time we do this, we place our data and our faith in the security measures taken by those managing it on our behalf.
   * UK National Security Strategy, October 2010
   ** National Fraud Authority, October 2010

5. (image slide, no text)

6. Fraud news (UK)…
   The good news ☺:
   • Debit and credit card fraud fell by nearly £75M in 2010 to the lowest level for a decade.
   • This represents a 17% drop to £365M, compared to a 28% fall in 2009.
   • Phone, internet and mail-order fraud (Card Not Present) fell 15%, compared to a 19% drop in 2009.
   The bad news:
   • Crooks still got away with £1million/day.
   • CNP fraud remains by far the biggest category.
   “While another drop in fraud is good news, the crooks haven’t shut up shop, which is why there can be no room for complacency from the industry, shops or consumers.” DCI Paul Barnard, Head of the Dedicated Cheque and Plastic Crime Unit

7. The challenges…
   • Cloud computing
   • Mobile infrastructure
   • Third parties
   • Governance or compliance?
   • Risk management

9. Moving to the Cloud?...
   • Use the Cloud Computing Reference Model provided by NIST.
     – ask cloud services providers to disclose their security controls
     – ask cloud services providers to disclose how these controls are implemented to the “consuming” organisation
     – “consuming” organisations will need to know which controls are needed to maintain the security of their information.
   • This is a vital step, as it is critical that a cloud service is classified against the cloud architecture model, then against the security architecture, and then against the business, regulatory and other compliance requirements.

10. NIST Cloud Reference Model
   • Software as a Service (SaaS)
     – Sits on top of IaaS and PaaS stacks
     – Self-contained operating environment to deliver the entire user experience
   • Platform as a Service (PaaS)
     – Sits on top of IaaS
     – Additional integration layer with application development frameworks
     – Middleware
     – Programming languages and tools supported by the stack
     – Functions allowing developers to build applications on the platform
   • Infrastructure as a Service (IaaS)
     – Lowest level infrastructure resource stack
     – Capability to abstract resources (or not)
     – Physical and logical connectivity to those resources
     – Provides a set of APIs which allows “consumers” to interact with the infrastructure.
   [Diagram: layered stack, top to bottom: Presentation, APIs, Applications, Information (Data, Metadata, Content), Integration & Middleware, APIs, Core Connectivity & Delivery, Abstraction, Hardware, Facilities; the upper layers are grouped as SaaS, the middle as PaaS and the lower as IaaS.]

11. Cloud Computing and security
   Cloud Computing isn’t necessarily more or less secure than your current environment.
   • Does the risk of moving sensitive data and applications to an emerging infrastructure exceed your tolerance levels?
   • The limitations on cloud computing growth will include these issues:
     – Data custody
     – Control
     – Security
     – Privacy
     – Jurisdiction
     – Portability standards for data and code
   • Adopting cloud computing is a complex decision involving many factors: desktop applications, e-mail, collaboration, enterprise resource planning and potentially any application.
   • The key consideration for a security architecture is that the lower down the SPI stack the cloud service provider stops, the more organisations will be responsible themselves for managing the risk to their assets.

12. Control & risk management
   What degree of control and risk management will the organisation have for each of the cloud service models (SaaS, PaaS, IaaS)?
   • Whilst the risk assessment depends on the “where” and “how” of the assets, it also depends on the following:
     – The types of assets being managed
     – Who manages them and how
     – Which controls are selected and why
     – What compliance issues need to be considered
   • Consideration should be made for risk mitigation in each of the SPI tiers (SaaS, PaaS, IaaS), and compliance/regulatory requirements should be considered (e.g. PCI DSS, FSA, SOX, etc.).

13. Find the gaps…
   [Diagram mapping three models side by side. Cloud Reference Model: Presentation, APIs, Applications, Information (Data, Metadata, Content), Integration & Middleware, APIs, Core Connectivity & Delivery, Abstraction, Hardware, Facilities (grouped into SaaS, PaaS, IaaS). Security Control Model: Applications, Information, Management, Network, Trusted computing, Compute & Storage, Physical. Compliance Model: DDA, FSA, PCI DSS, ISO 27002, DPA, SOX.]

14. Who does what?
   The lower down the stack the cloud service provider stops, the more security capabilities and management “consuming” organisations are responsible for implementing & managing themselves.
   • SaaS: the provider bears the responsibility for security. Security controls and their scope are negotiated in the service contracts (SLAs, privacy, compliance, liability etc.).
   • PaaS: the provider is responsible for the security of the platform. “Consuming” organisations are responsible for:
     – securing applications developed against the platform
     – developing applications securely (e.g. OWASP Top 10).
   • IaaS: the provider is responsible for securing the underlying infrastructure and abstraction layers. The “consuming” organisation will be responsible for the security of the remainder of the stack.

15. Evaluate cloud service providers
   • Evaluating the risk for potential cloud service providers is a challenge:
     – ask cloud services providers to disclose their security controls
     – ask cloud services providers to disclose how these controls are implemented to the “consuming” organisation
     – “consuming” organisations will need to know which controls are needed to maintain the security of their information.
   • This is a vital step, as it is critical that a cloud service is classified against the cloud architecture model, then against the security architecture, and then against the business, regulatory and other compliance requirements.
   For further reading, see http://www.cloudsecurityalliance.org/Research.html

16. On the move with mobile…

17. What’s mobile?
   What does a mobile security policy look like? What do I need to do? How do I enforce it?
   • Full-featured mobile phones with functionality similar to personal computers, or “smartphones”
   • Laptops, netbooks, tablet computers & Portable Digital Assistants (PDAs)
   • Portable USB devices for storage (such as “thumb drives” and MP3 devices) and for connectivity (such as Wi-Fi, Bluetooth and HSDPA/UMTS/EDGE/GPRS modem cards)
   • Digital cameras
   • Radio frequency identification (RFID) and mobile RFID (M-RFID) devices for data storage, identification and asset management
   • Infrared-enabled (IrDA) devices (printers, smart cards, etc.)

18. It’s all about risk…

19. What’s the buzz?
   • Visa TIP program promotes a risk based approach.
   • The banks want merchants to take a risk based approach.
   • The merchants want to take a risk based approach.
   • The PCI SSC has ‘blessed’ the adoption of a risk based approach.
   At the end of the day, what we all want is to stop sensitive information being exploited by fraudsters. The era of compliance for compliance’s sake is drawing to an end.
20. Barclaycard’s top ten tips
   Prepare for change:
   1. Don’t treat PCI DSS as an IT project: it is a Change Programme and needs organisational commitment.
   2. Train staff at all levels (there will be various degrees of training, and don’t forget Board and Exco) and embed an Information Security culture within your organisation early.
   3. Scope: understand how card payments are currently processed (people, process and technology). Reduce the scope of the cardholder environment (the smaller, the easier).
   4. There will be quick wins derived by reviewing and changing business processes and historical practices that require little investment. If you don’t need cardholder information, don’t have it…
   5. Develop a gap analysis between current practices and what is necessary to become PCI DSS compliant. The gap analysis and cardholder data flow mapping is the most important step (and this should be refreshed periodically - once a year is advised).
   Reduce risk:
   6. Remove sensitive authentication data storage as a top most priority.
   7. Prioritise risk: once SAD storage is addressed, look at vulnerabilities in the Card Not Present environment (e-commerce and Mail Order/Telephone Order). (This tip is for markets that have implemented EMV in their F2F channel.)
   8. Outsource to compliant third parties where possible: in the e-comm space, Level 1 PCI DSS compliant end-to-end e-comm Software as a Service (SaaS) is increasingly seen as a means of achieving compliance quicker & maximising RoI. And if not possible, tie down third parties (contractually).
   9. Assess suitability of and implement risk mitigation technologies (e.g. Verified by Visa, Secure Code, tokenisation, point-to-point encryption, etc.); whilst these are not PCI DSS requirements, they will improve security and reduce risk.
   10. If Compensating Controls are required, ensure that all parties are engaged to agree the controls before implementation (merchant, QSA, acquirers).
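Tips 3 to 6 above all depend on knowing where cardholder data actually sits (scope reduction, the data flow map, "if you don't need it, don't have it") and on removing stored sensitive authentication data (SAD) first. The Python below is an added example, not Barclaycard's or the PCI SSC's tooling: it scans plain text such as an application log export for Luhn-valid PANs and for track-2 and card-verification fields, reports any PAN masked to first six and last four digits, and runs against a constructed sample log. The field names in the patterns and the sample lines are assumptions made for the example.

```python
"""Find stored PANs and sensitive authentication data (SAD) in plain text.

Added example, not Barclaycard's or the PCI SSC's tooling. The field names in
the patterns and the sample log below are assumptions constructed for it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# 13-19 digits, optionally split by single spaces or dashes, not part of a longer digit run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track-2 layout ;PAN=YYMM<service code><discretionary data>? ; storing it after authorisation is forbidden
TRACK2_RE = re.compile(r";\d{13,19}=\d{4,}\??")
# Card verification values under common (assumed) field names; storing them is forbidden
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)

# Constructed sample log lines (not from the page). Line 2 holds a PAN and a CVV2,
# line 3 holds full track-2 data, line 4 holds a 16-digit order reference that is
# not a card number, line 5 holds a token rather than a PAN.
SAMPLE_LOG = """\
2011-03-23 10:15:02 INFO order=1001 customer=alice total=42.10
2011-03-23 10:15:03 DEBUG authorise pan=4111111111111111 exp=12/13 cvv2=123
2011-03-23 10:15:04 DEBUG swipe track2=;5500000000000004=1312101123?
2011-03-23 10:15:05 INFO ref=1234567890123456 shipped
2011-03-23 10:15:06 INFO tokenised card tok_4111xxxxxxxx1111 ok
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str    # "PAN" or "SAD"
    detail: str  # masked PAN, or the SAD element found; never the raw value


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; rejects most order ids, timestamps and references."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, the PCI DSS display limit."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(text: str) -> list[Finding]:
    """Return every PAN and SAD occurrence per line, with PANs masked."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_valid(digits):
                findings.append(Finding(line_no, "PAN", mask_pan(digits)))
        if TRACK2_RE.search(line):
            findings.append(Finding(line_no, "SAD", "track2"))
        for m in CVV_RE.finditer(line):
            findings.append(Finding(line_no, "SAD", m.group(1).lower()))
    return findings


def summarise(findings: list[Finding]) -> dict[str, int]:
    """Count findings by kind, e.g. {"PAN": 2, "SAD": 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_text(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no}: {f.kind} {f.detail}")
    print(summarise(results))
```

Run over real exports, the per-line output feeds the data flow map of tip 5 (which systems and files hold card data) and gives tip 6 a concrete list of SAD storage to remove. The Luhn filter drops the order reference on line 4 but is a filter, not proof, so findings still need a human look; and a plain-text scan will not find PANs that are stored encoded, compressed or encrypted, which is why the data flow mapping cannot be replaced by scanning alone.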
21. Third parties: do I have a choice?
   How organisations can select service providers.
   For those who outsource…
   • 324 (UK) and 900 (US) Level 1 PCI DSS compliant service providers listed on Visa websites:
     http://www.visaeurope.com/en/businesses__retailers/payment_security/downloads__resources.aspx
     http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf
   • 867 Level 1 PCI DSS compliant service providers listed on MasterCard website:
     http://www.mastercard.com/us/sdp/assets/pdf/Compliant%20Service%20Providers%20-%20November%2029%202010.pdf
   For those who want to retain control in-house…
   • 724 PA DSS validated payment applications on PCI SSC website:
     https://www.pcisecuritystandards.org/approved_companies_providers/validated_payment_applications.php?agree=true
   Barclaycard’s position…
   • We always recommend that our customers use Level 1 Service providers, as self-assessment does not provide you with an independent assessment of your supplier.
   • Contractual provisions are crucial.
   • Merchants should seek help from their acquiring bank when facing problems with third party providers, as a merchant cannot reach compliance without their third parties being compliant.