Implementing MA 201 CMR 17.00 in a cultural institution…


Richard Snow
Director of Information Technology
Mount Auburn Cemetery
rsnow@mountauburn.org

Mount Auburn Cemetery

• National Historic Landmark
• Founded 1831
• 200,000 visitors annually
• 175 acres of green space
• Botanical garden, over 5,000 trees
• 650 burials annually
• Still selling new burial space

Business Drivers

• Sales
• Fundraising
• Administrative

• Personal information on file
• Credit card data on file
• What other exposures would we find?

Mount Auburn Cemetery

People
• 51 full-time, 11 part-time, and 29 seasonal employees, ~50 volunteers…
• WIDE range of computer skills

Computer Environment
• 70 Win XP workstations
• 16 servers (12 are VMs)

Two big challenges

PCI DSS v1.2
• Credit card acquirers charge $20/mo for non-compliance
• Started impacting us in June, 2010

201 CMR 17.00
• Originally due for implementation Jan 1, 2009
• Went into effect March 1, 2010

• Could not do it ourselves
• Got funding approval in an off year to bring in a consultant (unbudgeted)

RFP

• RFP to three vendors
• Had certification in PCI DSS
• Were more or less willing to take on a combined engagement
• But who has expertise in a moving target?

Included SystemExperts after an SC online presentation.

Deliverables

• Gap analysis of multiple requirements
• Policy workshop
• External scan
  – In addition to those provided by CC acquirers
• Internal scan
• Policy review of initial policies

A big staff effort

• Writing all those policies
• Procedural changes
  – Physical security, information handling, passwords
  – System configuration
• Mandatory annual staff training

Compliance

• 201 CMR 17.00 – February, 2010
• PCI DSS v1.2 – September, 2010

To Do List

• Increased documentation and daily work
• New deadlines to meet (patching, etc.)
• Unanticipated benefits

• Policies still under revision
• Enforcement
• Perpetual training

PowerPoint + WINK = Video on SharePoint

Lessons Learned

• Anticipate and budget for compliance
  – Both your time and dollars
• Don’t expect someone to write your policies for you
  – Online compliance sites for MA 201 CMR 17.00 at the low end
  – But does the customer understand what they are getting?

References

• Mount Auburn Cemetery
  – www.mountauburn.org
  – Rich Snow – rsnow@mountauburn.org
• See Wikipedia for references and overview
  – 201 CMR 17.00
  – PCI DSS
• www.mass.gov
  – Compliance checklist
  – Statute
• SystemExperts – www.systemexperts.com
