Preparing for a data breach, specifically a PCI forensics investigation

A great Security B-Sides presentation entitled “How really to prepare for a credit card compromise (PCI) forensics investigation: An ex-QIRA speaks out – David Barnett” was posted on and is a great primer for the “what happens now” situation when an event (may) have occurred. Since it has been posted I have referred many readers to the slides, and each returned with positive comments but asked what jumped out at me (it is 57 slides, after all). Two thumbs up to David Barnett for the presentation.

While I still believe readers should go through the entire presentation (and the other published materials by VISA, MasterCard, and your acquiring bank), here are my favorite slides (slide number first, then what jumped out at me):

  • 10, Implicitly this slide screams: know all the parties that are participants and who must be seriously involved (preparation and planning, in addition to an assessment of the parties, is key here)
  • 13, A great simple slide showing how far we have come over the past few years (yes… the PCI STANDARD has evolved, but the global regulatory, legal, and consumer landscape is vastly different)
  • 24, A beautiful timeline showing the flow of breaches, compliance, fraud, and discovery
  • 35, The final quote speaks volumes: be careful that teams are not evaluating their own work (in the audit world this is a strict requirement, and for good reason; we in security should have a stronger validation structure)
  • 37, Key focus here: PCI is about reducing card fraud, and the forensic response by the Card Brands is focused on mitigating further damages. For every organization, additional forensic efforts must be undertaken to protect the business’ IP and other sensitive data that may have also been exposed
  • 40, Everyone loves numbers… here are some articulated fines
  • 47, The transaction world is a partnership between all the participants, and as in any deep relationship, organizations should establish a great dialogue and a strong working partnership with all parties handling their customers’ sensitive data

While this presentation takes a post-breach position, I would challenge readers to embrace a principle strongly supported by accounting controls and global industry best practices: that of monitoring. Focusing on clean-up requires leadership within an organization, and team members who fully understand their business. In fact, I have seen many organizations mature rapidly into responsive organizations able to handle fluid business shifts as a result of having mature detection, response, and monitoring controls in place.

On a side note, the presentation does have a dedication slide to David Taylor; everyone who met him knows his passion was for bettering the world, and hopefully we all can continue his mission.

Kind regards,

James DeLuccia
