Internal Tokenization: A Strategy to Reduce Risks & Lock-in

This session will focus on the value of internal tokenization in reducing scope and potential audit costs at the datacenter, with a specific focus on post-payment applications, databases, loyalty tracking systems, data warehousing, and business applications. Internal tokenization contrasts with external tokenization, which involves third parties, brands and additional vendors. Instead, internal tokenization allows enterprises to own and control their own tokens, avoiding migration issues and increasing choice. The presentation will focus on general concepts around internal tokenization, including specific examples of internal tokenization seen in different datacenter applications.

· Learn the difference between external and internal tokenization.
· Learn how to address more than 200 PCI DSS compliance requirements with a single solution.
· Maintain control over your own tokens and avoid payment processor lock-in.
· Tokenize customers’ credit card data to reduce PCI scope and risk.
· Understand the controls and protection around the secure vault.
· Maintain auditable security policies in a single, hardened form-factor, allowing for future review and change control.
Recorded May 12 2011
54 mins
Presented by
Brandon Dunlap, John Kindervag (Forrester), Blake Dournaee (Intel), and Ulf Mattsson (Protegrity).
Recommended for you:
  • Dynamic Analysis of Android Apps - Attacking Android Apps from the Inside. Erez Metula, Founder, AppSec Labs. Recorded: May 25 2016, 49 mins
    Dynamic analysis of Android apps is all about analyzing apps in real time, for the purpose of detecting application-level vulnerabilities and for the sake of manipulating applications while they execute. It is often used as a last resort due to its complexity, when other pentesting techniques, mainly focused on static analysis, are not enough. Common uses of dynamic analysis are extraction of sensitive data from application memory variables, stealing encryption keys, manipulating signature mechanisms and so on.

    During this talk we will focus on memory dumps, remote debugging, smali debugging, native debugging, usage of the ReFrameworker platform and other interesting things.

    This talk is based on a similar chapter of the Android application hacking course given by the speaker at the recent BlackHat USA 2015.
  • PCI DSS: Preventing Costly Cases of Non Compliance. Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire. Recorded: May 24 2016, 62 mins
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.

    This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high-profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
  • How secure is your Office 365 deployment? Teresa Law, Sr. Product Marketing Manager, Symantec & Sunil Choudrie, Solutions Marketing Manager, Symantec. Recorded: May 24 2016, 60 mins
    Are you concerned about securing your users and data in cloud based collaboration applications like Office 365? You’re not alone. Over 35% of Microsoft Exchange installed base is now on Office 365. Many of these enterprises are actively seeking to extend the same level of security and consistent policies they have in place for existing on-premise and cloud applications, to Office 365.

    Consider these statistics from IDC:

    • Over 50% of enterprises have users that access their Office 365 applications using unmanaged mobile devices
    • Over 90% of threats to enterprises emanate from email
    • 65% of threats go undetected for weeks/months

    IT administrators lose traditional visibility and control when enterprises move email, content creation, file sharing, and collaboration to the cloud, making it harder to detect inappropriate behavior. This makes it critical for organizations to extend the basic security capabilities of Office 365 and ensure consistency in the level of security across all their cloud services.

    Securing cloud applications like Office 365 is a shared responsibility between the cloud service provider and the tenant. Analysts like Gartner and IDC recommend assessing third party security products as a best practice in a comprehensive Office 365 security framework.

    Join us for this webcast where we tackle the challenge of securing Office 365 head on and show you how your organization can take Office 365 security to a new level.

    Learn how to enhance your Office 365 security to:

    • Shield Email From Phishing, Sophisticated Malware and Spam
    • Neutralize Advanced Threats and Targeted Attacks
    • Safeguard Your Sensitive Data
    • Control Access with Strong Authentication

    Symantec can help your organization enhance your security for Office 365 while enabling employee collaboration and productivity. Let us show you how!
  • Dell SonicWALL’s ‘Secure Mobile Access’ Raises the Bar! Steven Sanderson – WW SMA Product Marketing Manager; Mark Hewett – WW SMA Product Manager. Recorded: May 24 2016, 30 mins
    See how it’s possible to give end-users fast, simple access to enterprise applications, data and resources – without compromising your security.

    In this live webinar, you’ll hear from two Dell Security solution experts on how you can manage the proliferation of devices in your workplace.

    During the interactive session, you’ll see how to:
    • Ensure only authorized users and approved devices are granted access to your business network
    • Quickly and easily provision secure mobile access and role-based privileges
    • Keep company data secure in-flight and at rest on devices
  • Secure Mobility: How to Best Protect Your Data. Florian Malecki, Dell SonicWALL & Amar Singh, Founder and CEO, Cyber Management Alliance. Recorded: May 24 2016, 57 mins
    Today's workforce is mobile, with employees demanding access to more resources from more remote devices and platforms than ever before. Global networks connect employees, partners and customers over multiple Internet, intranets and VoIP channels. Even the smallest organization is now competing globally. IT organizations are struggling to keep up with mobile worker demand for access to more resources from more device types without compromising security and data.

    Join this panel discussion where info security leaders Florian Malecki and Amar Singh will be covering how you can get ahead of the next wave of mobile access and security challenges.
  • GDPR Summary: Why encryption and other measures are now a must? Adrian Davis, MD (ISC)² EMEA; Jason Hart, CTO Gemalto; Tom De Cordier, Lawyer and Partner, CMS DeBacker. Recorded: May 24 2016, 62 mins
    Until recently, EU data protection laws mainly focused on data subject consent, proportionality, purpose limitation, transparency, etc. Information security, however, was very often deemed to be an area for the techies, not an area of legal compliance.
    This will change as a result of two recent and major pieces of EU legislation: the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS Directive).
    Under the GDPR and the NIS Directive, businesses and operators of essential services (e.g. hospitals, airports, etc.) will have to implement robust information and system security measures. In addition, the new rules contain a new name-and-shame mechanism: businesses and operators will have to inform the relevant authorities of security incidents. And they will have to inform the affected data subjects, unless the affected data were rendered unintelligible (for example by means of encryption).
    Finally, the EU wants the new data protection rules to become a board-level issue and it has therefore decided to make the rules subject to hefty fines:
    • If a business fails to comply with its data security obligations under the GDPR, it may get a fine of up to 10,000,000 EUR or 2 % of its total worldwide annual turnover, whichever is higher.
    • Worse even, if a business is found to be in breach of certain other obligations under the GDPR, the fine may go up to a dazzling 4 % of its total worldwide annual turnover.
    During this webinar, you will learn from Jason Hart, CTO at Gemalto and Tom De Cordier, an expert in data protection and information security law at CMS in Brussels, what the new rules mean in practice and what businesses should do to bring themselves in line with the upcoming requirements.
  • Social Engineering: Is that a Pwn Plug in Your Pocket? Peter Wood. Recorded: May 24 2016, 44 mins
    Most organisations are surprised by the ease with which social engineering defeats their security. The human factor provides a simple and effective route to bypass even the best hardware and software security controls, yet is commonly overlooked or considered too difficult to solve. Peter will share a number of real examples to reinforce his opinion: as more and more data breaches are published, perhaps it’s time to become creative and strengthen the human firewall.

  • Title: Internal Tokenization: A Strategy to Reduce Risks & Lock-in
  • Live at: May 12 2011 3:00 pm
  • Presented by: Brandon Dunlap, John Kindervag (Forrester), Blake Dournaee (Intel), and Ulf Mattsson (Protegrity).