A Strategic Approach to Establish & Maintain PCI DSS Compliance

Reaching a state of compliance with the PCI DSS is often a major undertaking for an organization, frequently spanning multiple business and support areas. Compliance projects are also typically one-off exercises that are both expensive and time-consuming. This session focuses on the specific activities that support the maintenance of compliance as business as usual (BAU) following such initial remediation projects, and highlights a strategic approach that an organization can follow to help reduce the PCI DSS compliance overhead and simplify the annual validation of its compliance.

Ian White has over 15 years' experience as a security consultant and has been an active QSA since 2005. He has performed a full range of PCI DSS-related activities, including formal PCI DSS audits, gap analysis reviews and assisting customers in their remediation and compliance activities across a range of industry sectors.
Recorded Mar 25 2010 49 mins
Presented by
Ian White, Consultant, PCI Subject Matter Expert, Verizon Business
  • DevOps, Security and PCI - Implementing SCM To Meet PCI Standards Sep 7 2016 7:00 pm UTC 45 mins
    Kevin Eberman, Director of Operations at MineralTree
    Security failures with millions of stolen credit cards have become an all too normal part of the news. The Payment Card Industry (PCI) has issued a standard for companies and service providers for handling credit cards to mitigate the risk of these breaches. Implementing a PCI certified environment requires a coordinated and sustained commitment to security by adopting policies, writing procedures, and an ability to successfully demonstrate compliance during audits.

    A number of PCI standards require the implementation of Server Configuration Management (SCM). SCM is an integral tool of DevOps. It is invaluable for meeting PCI requirements that are technical and need documentation. This discussion will review security challenges, which PCI requirements can be met with SCM and how to successfully implement SCM to meet PCI standards.
  • The PCI Dream Team – Bring Us Your Trickiest PCI Questions Sep 7 2016 4:00 pm UTC 60 mins
    Moderator: Ben Rothke; Panelists: David Mundhenk, Arthur Cooper, Jim Seaman
    With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

    Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

    Moderator:
    - Ben Rothke, Senior eGRC Consultant at Nettitude Ltd.

    Panelists:
    - David Mundhenk, CISSP, PCIP, QSA (P2PE), PA-QSA (P2PE)
    Sr Consultant at an unnamed GRC consulting firm
    - Arthur Cooper "Coop", Sr Security Consultant at NuArx Inc.
    - Jim Seaman MSc, CCP, CISM, CRISC, QSA, M.Inst.ISP
    Security Consultants Team Lead at Nettitude, Ltd.
  • Stop Reading the WSJ and Focus on Your Cyber Risks Sep 6 2016 6:00 pm UTC 45 mins
    Jay Schulman, Principal Security and Privacy at RSM US LLP
    Too many organizations are focused on what issues others are having and don't pay enough attention to what inherent cybersecurity risks they are facing.
    Today's speaker, Jay Schulman, Principal Security and Privacy at RSM US LLP will walk through a concept called "Organizational Threat Modeling." Learn to take a holistic approach to security and look at the overall threats to the organization and then determine a method to address, accept or hedge risks.
  • The GRC Evolution of Digital Enterprises with Convergence of ERM & Cybersecurity Recorded: Aug 25 2016 62 mins
    Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
    Cybersecurity has jumped to the top of companies’ risk agenda after a number of high-profile data breaches and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and on the Internet of Things with its multitude of connected devices, the threat vectors are multiplying, threatening firms’ operations and future financial stability.

    Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.

    Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
  • Delivering Data Security with Hadoop and the IoT Recorded: Aug 9 2016 62 mins
    Robert D. Schneider, Partner at WiseClouds LLC, Reiner Kappenberger, HPE Security - Data Security
    The Internet of Things (IoT) is here to stay, and Gartner predicts there will be over 26 billion connected devices by 2020. This is driving an explosion of data which offers tremendous opportunity for organizations to gain business value, and Hadoop has emerged as the key component to make sense of the data and realize the maximum value. On the flip side the surge of new devices has increased potential for hackers to wreak havoc, and Hadoop has been described as the biggest cybercrime bait ever created.

    Data security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined, so protecting company data is more urgent than ever before. The risks are huge and Hadoop comes with few safeguards, leaving it to organizations to add an enterprise security layer. Securing multiple points of vulnerability is a major challenge, although when armed with good information and a few best practices, enterprise security leaders can ensure attackers will glean nothing from their attempts to breach Hadoop.

    In this webinar we will discuss some steps to identify what needs protecting and apply the right techniques to protect it before you put Hadoop into production.
  • Cloud Object Storage 101 Recorded: Jul 14 2016 63 mins
    Nancy Bennis, Director of Alliances, Cleversafe an IBM Company, Alex McDonald, Chair, SNIA Cloud Storage Initiative, NetApp
    Object storage is a secure, simple, scalable, and cost-effective means of embracing the explosive growth of unstructured data enterprises generate every day.
    Many organizations, like large service providers, have already begun to leverage software-defined object storage to support new application development and DevOps projects. Meanwhile, legacy enterprise companies are in the early stages of exploring the benefits of object storage for their particular business and are searching for how they can use cloud object storage to modernize their IT strategies, store and protect data while dramatically reducing the costs associated with legacy storage sprawl.
    This Webcast will highlight the market trends towards the adoption of object storage, the definition and benefits of object storage, and the use cases that are best suited to leverage an underlying object storage infrastructure.
    In this webcast you will learn:
    • How to accelerate the transition from legacy storage to a cloud object architecture
    • Understand the benefits of object storage
    • Primary use cases
    • How an object storage can enable your private, public or hybrid cloud strategy without compromising security, privacy or data governance
  • Virtual Data and Data Masking: The New Approach to Data Security Recorded: Jul 12 2016 47 mins
    Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
    A new, data-centric approach to security is taking hold. Rather than establishing perimeter defenses in hopes of repelling breach attempts, security-minded organizations are investing in technologies that protect the interior--the data itself. In particular, the combination of virtual data and data masking is proving to be a powerful way for enterprises to safeguard sensitive data from both insider and outsider threats.

    View this webinar to learn:

    - How data masking is superior to solutions based on encryption and firewalls
    - What virtualized data is, and how it forms the foundation for an effective security strategy
    - Why integrating data masking with virtual data reduces your surface area of risk by 90%
  • Are ransomware attacks holding the healthcare industry hostage? Recorded: Jun 29 2016 57 mins
    Barry Fisher, Sr. Product Manager at OpenDNS
    Healthcare has become criminals' most lucrative target. Why? Because medical records are worth 10 times that of credit cards. The recent digitization of the healthcare industry has rapidly expanded the attack surface to include electronic healthcare records, patient portals, IoT-enabled medical devices and more.

    Imagine losing access to all of your patient data—only to find out you are being extorted by criminals who require payment to get it back. This type of attack can disrupt life & death technologies that medical practitioners rely on to perform their jobs. Ransomware adds up to a significant threat to the healthcare industry.

    But, there are steps you can take to actively reduce the number of ransomware infections across your organization. OpenDNS and Cisco are on the forefront of helping our healthcare customers against various versions of ransomware.

    Hear from Barry Fisher, Sr. Product Manager at OpenDNS, to learn the simplest way for healthcare security practitioners to stay ahead of Ransomware attacks. You’ll learn how to:

    - Reduce ransomware infections across your organization
    - Identify the infrastructure used by attackers to connect, control and transfer the encryption keys
    - Protect medical IoT endpoints, patients’ devices and even devices that don’t run agents, like heart monitors and infusion pumps

    Register now to learn how to start covering your healthcare security gaps.
  • Understanding Account Takeover Attacks Recorded: Jun 23 2016 52 mins
    Mike Milner, CTO and Co-founder of IMMUNIO
    Over the last few years, a known 620 million user accounts have been compromised across hundreds of sites. Organized cybercrime has figured out that this is the fastest, most reliable method to infiltrate organizations, as well as achieve financial gain. Since users share passwords across multiple sites, it is easier to find logins that work on a target site than try to bypass firewalls, find software flaws, or even run spearphishing campaigns.

    These types of attacks are collectively coming to be known as “Account Takeover” (ATO). Some are simple, while others are sophisticated. Some can be stopped relatively easily, and others require much more effort.

    ATO attacks (via stolen credentials) were cited as the #1 method of confirmed data breaches in both 2014 and 2015, for web applications, which itself was the #1 vector for data breaches.

    Come learn what these ATO threats are, their impact to your business, how to detect them, and what you can do about it.
  • Malware Attack "Fan-out" Effect in the Cloud Recorded: Jun 21 2016 60 mins
    Krishna Narayanaswamy, Founder and Chief Scientist, Netskope
    The rapid rise in cloud adoption – of which corporate IT has underestimated the scope by as much as 10x - has created a new effect: a “cloud attack fan-out.” Between many connected devices, which increase the attack surface, and capabilities like sync and share, which increase data velocity in the cloud, both the propensity and the severity of a breach rise.

    Join Krishna Narayanaswamy, Founder and Chief Scientist of cloud security company Netskope, as he takes an in-depth look at data breaches involving cloud services and how they come about. Krishna will take a fun, CSI-like presentation approach and draw upon unique, anonymized data seen in the cloud to illustrate:

    - The multiplier effect that the cloud can have on the probability of a data breach
    - Three real-world examples in which the cloud can play a role in data breaches, including a step-by-step review of a recent exploit found in a cloud storage app
    - How to identify data breaches in an enterprise cloud environment using advanced anomaly detection techniques
    - A forensic walk-through in the reconstruction of a complex audit following a data breach
    - Best practices for mitigating breaches as well as monitoring and protecting sensitive enterprise data in the cloud
  • Windows 10: Digital Transformation through Affordable Innovation Recorded: Jun 16 2016 17 mins
    Peter Gossin, Digital Transformation Manager, Microsoft
    Digital transformation is the process of using today’s technology to modernize outdated processes and meet the most pressing needs of your business.

    Thanks to recent advances in lower cost tablet technology and Microsoft’s suite of cloud and productivity services, complete digital transformation is more accessible now than ever before. A new class of affordable devices is revolutionizing the way businesses and their employees work and interact with customers.

    Sign up now to:
    • Engage your customers
    • Empower your employees
    • Optimize your operations
    • Transform your products
  • Top 5 Ways Next-Generation Masking is Changing How Businesses Prevent Breach Recorded: Jun 14 2016 50 mins
    Matthew Yeh, Delphix, Product Marketing & Olivia Zhu, Delphix, Business Technology Consultant
    Data Masking Is Changing How Businesses Prevent Data Breach
    With data breaches on the rise, businesses are heavily investing in solutions to safeguard sensitive data. However, businesses too often fail to secure confidential information in environments used for development, testing, training, and analytics. These so-called non-production environments can represent over 80% of the surface area of risk for breach. Data masking has emerged as the de facto standard for protecting these environments from insider and outsider threats alike. Masking replaces sensitive data with fictitious yet realistic data, preserving its value for non-production use while completely eliminating the risk of breach. Moreover, a new generation of solutions couples data masking with advanced virtualization technology to secure and deliver data -- without the slowdown caused by traditional methods.
    Register and discover:

    - The key reasons why next-generation data masking reduces risk of breach
    - How masking compares to other security approaches such as encryption
    - Why next-generation masking is essential for businesses that must comply with HIPAA, PCI DSS, and SOX
  • Digital Content & The Legality of Web Scraping Recorded: May 25 2016 52 mins
    Jonathan Bailey, Rami Essaid, Katie Sunstrom, Orion Cassetto
    Web scraping - the process of using bots to systematically lift content from a website - is either loved or hated. Startups love it because it’s a cheap and powerful way to gather data without the need for partnerships. Large companies use web scraping to gain competitive intelligence, but try to block others from doing the same. However, new legislation and high profile court cases have called into question the legality of web scraping.

    In this lively conversation, diverse panelists will discuss the origin of web scraping, the changing legal landscape, and the legal and technical best practices for protecting your website content.
  • PCI DSS: Preventing Costly Cases of Non Compliance Recorded: May 24 2016 62 mins
    Mathieu Gorge, VigiTrust; Terence Spies, HPE Security – Data Security; Derek Brink, Aberdeen Group; Dan Fritsche, Coalfire
    There is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements, but the cost of non-compliance is often much greater. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short and long-term costs of non-compliance as well as the benefits to meeting the requirements.

    This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of systems to bring a company into compliance, as demonstrated by so many high-profile data breaches. Join this executive panel as we discuss ways to prevent costly cases of non-compliance with PCI DSS.
  • Managing Vendor Resiliency Through Audits and Contract Management Recorded: May 19 2016 43 mins
    Melinda Rahe, Business Continuity Program Manager Dell, Inc.
    Outsourcing shifts the burden to mitigate risk to the vendor, but it does not shift the impact of the risk. Your company’s reputation and its customers can be negatively impacted when your vendor experiences failure.
    This presentation discusses how to formulate a vendor resiliency strategy and will equip participants with practical solutions for effectively, as well as efficiently, assessing the business continuity risk exposures introduced by outsourcing business functions.
  • The Eye of The Security Cyberstorm Recorded: May 11 2016 50 mins
    Chris Olive, Vormetric & Kevin Jackson, FireEye
    It doesn’t matter what industry vertical you are in or how big or small your business is, we are all plagued by the same concern, the security of your most valuable asset – your data. Moreover, the threat is sometimes the ones that you trust most, namely people that have access to your privileged information and data. This insider threat can be your customers, partners and even your employees that accidentally or purposefully release or acquire sensitive data and use it for something other than what it was meant for.

    Just imagine if you had a complete and panoramic scene size-up along with the ability to proactively address potential threats, both the traditional threat vector of outsiders gaining information and the increasingly common and dangerous internal threat. Join us as we discuss this important topic as well as how you can ensure that your organization does not find itself in the eye of the security cyberstorm.
  • The Age of IoT is Here – Managing the Risks and Benefits Recorded: Apr 27 2016 40 mins
    Mike Reinhart is the Director of Product Marketing at Accelops
    Regulatory compliance and security breach protection is complex in today’s organizations, and this job is not getting easier.

    One of the major challenges that many organizations and managed security services routinely face is that the sources, numbers and types of attacks being generated are increasing exponentially. When you add the growing unknowns associated with the Internet of Things (IoT), it becomes exceedingly difficult to separate the truly lethal threats from the merely mundane. This results in greater complexity and higher costs, not only in terms of the number of security incidents that need to be investigated; it is also driving organizations to hire the security expertise needed to maintain these services.

    Join us for this webcast to see where state-of-the-art SIEM tools are being used to create a modern managed security service that not only scales to meet the potential threats for organizations, but also allows Managed Service Providers to deliver higher quality managed security services.
  • Practical Guide to Hybrid Cloud Computing Recorded: Apr 21 2016 60 mins
    John Meegan, Candice Campbell, Gary Zein, Karolyn Schalk, Karl Scott, Mike Edwards from the CSCC
    The Cloud Standards Customer Council will define hybrid cloud computing, explain why this deployment model is essential for addressing business requirements, and outline the key considerations that customers must take into account as they start their transition. The presentation will include strategic and tactical activities for decision makers implementing hybrid cloud solutions. It will cover all the essential technical considerations for hybrid cloud deployment including integration, connectivity, governance, management, security and privacy.
trends, developments, and technology
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

  • Title: A Strategic Approach to Establish & Maintain PCI DSS Compliance
  • Live at: Mar 25 2010 9:00 am
  • Presented by: Ian White, Consultant, PCI Subject Matter Expert, Verizon Business