One key purpose of the Payment Card Industry (PCI) is to help protect Cardholder Data (CHD). The PCI Data Security Standard (PCI-DSS) outlines key controls that an organization must implement in order to help mitigate the risk of CHD exposure and fraud. PCI compliance is structured around the quantity of CHD that an entity processes in a given year. Entities that process larger quantities of CHD are at a higher risk of attack by a malicious entity. When an entity is compromised and CHD has been stolen, the entity must be investigated by an authorized forensic company, commonly referred to as a QIRA or QFI. This presentation will outline the process and implications of engaging a QIRA / QFI and undergoing a PCI forensic investigation.
Speaker Bio: Benjamin Stephan, Director of Incident Management, FishNet Security - Benjamin Stephan comes to FishNet Security with several years of experience in various technical roles. His experience as a security audit professional, senior forensic examiner, and administrator bolsters his security expertise as Director of Incident Management. Most recently, Benjamin has maintained a focus on issues regarding digital forensics and breach analysis. He is skilled at assessing both internal and external exposures, identifying critical evidence, and profiling an event based on digital forensics. Benjamin is also an expert at analyzing incident exposures to identify the true cause or high-risk vulnerabilities, and at remediating threats in an environment to minimize the risk of continued exposure.
In his current role as Director of Incident Management, Benjamin is active in multiple PCI QIRA projects for Visa, MasterCard, American Express, and Discover. Benjamin also plays an active role as a PCI QSA and PA-QSA. In this role he provides a wide variety of compliance expertise: assessing corporate environments' adherence to standards, creating gap analyses comparing current strategies against standard requirements, and advising on remediation strategies based on industry best practices.
A challenging economic climate is forcing all companies to examine ways to lower their operational expenses. Network and security teams responsible for protecting mission-critical IT assets and data will be especially hard hit. Unfortunately, there is no financial bail-out plan for the department that deals with evolving threats to enterprise networks. Nor will there be a congressional pass to minimize the burden of existing and emerging regulatory mandates.
Fundamental to any security program is total visibility into an organization’s security posture. But many companies lack the visibility required to effectively and easily protect their IT assets as well as manage risk and regulatory compliance requirements.
This session will examine these challenges and discuss the importance of an intelligent, integrated and automated solution to streamline security operations and reduce overall IT costs.
Speaker Bio: Chris Poulin, CSO, brings a balance of management experience and technical skills encompassing his 25 years in IT, information security, and software development to his role as chief security officer at Q1 Labs.
As a key member of the company's Security Council, Poulin is responsible for the continual evolution of the QRadar family of solutions to keep pace with emerging security threats, customer needs, and industry trends, as well as evangelizing QRadar to strategic partners and customers.
Prior to joining Q1 Labs in July 2009, Poulin spent eight years in the U.S. Air Force managing global intelligence networks and developing software. He left the Department of Defense to leverage his leadership and technical skills to found and build FireTower, Inc., a successful information security consulting practice, with clients that included Cisco Systems, National Geographic, Radio Shack, Symantec, Time-Warner, Vertex Pharmaceuticals, and the U.S. House of Representatives.
Jim Randall, Director of IT Risk Management Solutions, will summarize the recent headline-making Hydraq attack. Using this anecdote on the anatomy of a breach, we will look at the fundamental controls critical to shrinking the surfaces of attack. Next, we will validate with the audience a handful of approaches to security that the enterprise should consider for better information protection.
Last, we will re-invigorate the concept of the security risk assessment for privacy, threat activity, compliance, and other surfaces of risk. The effective security program office uses assessments regularly to spot and measure exposures; this is a best practice for preventing the Active Persistent Threat. Jim will review a few flavors of assessments and invite the audience to share their thoughts on including that form of analysis regularly in their program.