Getting PCI Compliance Right: Going Beyond the Audit Checklist

Dave Taylor of PCI Knowledge Base joins Tripwire’s Ed Rarick
If over a third of the PCI DSS requirements target IT configuration controls that can be monitored, and retailers regularly pass audits, why do data breaches still occur? They still occur because just passing the audit isn’t enough.

Too many retailers continue to treat PCI DSS compliance as a project focused on passing the audit—a single-point-in-time event that relies on checklists to get them into that compliant state. Despite the fact that retailers pass PCI audits, breaches continue to occur with great regularity. Clearly this checklist approach to securing cardholder data is not working. So how can you ensure that when customers do business with you, their credit card data is secure?

In this webcast Dave Taylor of PCI Knowledge Base joins Tripwire’s Ed Rarick to discuss how mechanically following the PCI checklist and passing your audit can lull you into a false sense of security. They’ll present a solution that can help you truly — and continuously — secure customer credit card data.

Join us to hear:

* The state of cardholder data breaches today.
* Why compromised configuration controls can go undetected for months, even when retailers passed their PCI audit and they were using monitoring solutions.
* How retailers can automatically monitor over a third of the configuration controls required by the PCI DSS to attain and sustain PCI compliance.
* Case studies describing how three retailers have effectively secured their corporate datacenters and in-store infrastructures.

Register today to learn how you can achieve and sustain PCI compliance, pass your audit and give your customers the confidence they need to do business with you.
Aug 13 2009
60 mins

IT Governance, Risk and Compliance

Webinars and videos

  • As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
    In this session we'll cover:
    The primary attack vectors you need to consider
    Immediate actions you can take to limit the exposure of your XP assets
    Warning signs to watch out for that could signal an attack
    How to closely monitor your vulnerable assets with AlienVault USM
  • MDM implementations begin by solving the most pressing business problem in a single hub, mostly on-premise. They then expand to another use case, domain, or region, and might evolve to another MDM hub on cloud or in a different country. Whatever the journey might be, how do you tie the different hubs together in a hybrid or federated hub-of-hubs MDM architecture? Come to this session to learn how certain leading companies are solving this conundrum!

    In this webinar, you will learn:
    -What are the initial use cases that dictate MDM
    -How to determine if you should use the same MDM instance or a different one when expanding your use case
    -When to use on-premise versus cloud MDM

    In addition, we will explore examples of companies using hybrid MDM to manage multiple MDM hubs as well as evolving to the holy-grail of MDM architecture: Hub-of-hubs or federated MDM.
  • Cyberspace is typically the prime mechanism for conducting business. It also plays a key role in the socio-cultural lives of staff, customers and suppliers. By the end of 2013, revelations about how governments had been surrendering commercial and personal privacy in the name of national security left trust very badly shaken. And the timing couldn’t be much worse: many CEOs are ramping up their demands to take even greater advantage of cyberspace. So if this is where things are now, how will all of this look by 2016? How will new threats hurtling over the horizon complicate matters even further? Just what will organisations be able to rely on? And most importantly, are they powerless or can they do something now? This webcast spotlights the threats we'll be dealing with over the coming 24 months along with advice on the best ways of handling them.
  • As more and more companies look to take advantage of all of the benefits afforded with cloud-based infrastructures, the discussion often quickly turns to “How do we get there?” For some companies, this single migration question can create an insurmountable roadblock that either keeps them from moving to the cloud or severely delays their migration. Join Michael McCracken, HOSTING’s Director of Professional Services, as he explores different cloud migration strategies along with the benefits and risks associated with each of those strategies.
  • Anti-virus is not enough. McAfee Complete Endpoint Protection adds defense in depth against the full threat spectrum from zero-day exploits to hacker attacks, as well as mobile devices such as tablets.
  • Protiviti has conducted the second-annual Executive Perspectives on Top Risks Survey. We obtained the views of more than 370 board members and C-suite executives about risks that are likely to affect their organisation in 2014.

    Join Managing Director, Mike Purvis and Director, Dirk Verwohlt for a discussion of the report findings.
  • With the release of PCI-DSS version 3.0 many organizations that are already PCI compliant or are working towards becoming PCI compliant are wondering what these changes will mean to their organization. In this webinar we will take a look at what has changed (and what hasn’t) and the impact this will have on how organizations approach PCI compliance.
  • As we continue to explore the ERP implementation process, we’re going to dive deeper into one technology solution you might consider for a successful ERP implementation. Join us as we discuss Oracle eBusiness Suite Release 12. You’ll want to join us if you’re:
    • Thinking about upgrading to release 12
    • On R12.1 and considering moving to R12.2
    • Just looking for a little ‘positive sell’ to add to that budget request so you can fund your upgrade

    Oracle eBusiness Suite Release 12 was defined as “The Global Business Release”. This doesn’t encompass just its geographic reach…the Suite is a comprehensive tool whose breadth and depth across industries and business functions is compelling for customers around the world.

    During this session, participants will learn about:
    • The changes to R12.2 including the foundational architecture improvements and financial enhancements
    • How the strength of Financials Release 12 allows businesses to work globally - across applications, divisions and regions and the tools necessary to achieve that.
    • Integration, data management and reporting

    Oracle eBusiness Suite Release 12 makes it easier and less expensive for customers to implement, manage and scale global applications - ultimately improving the overall ownership experience.
  • Big data has gone beyond a buzzword for businesses and is rapidly becoming embedded in the way organisations operate and make decisions. Highlighted as one of the key areas for attention in the latest ISF Threat Horizon 2016 report, Big data analytics can also mislead when decisions are based on faulty, skewed, incomplete or poorly analysed data sets, resulting in missed opportunities as organisations enter the wrong markets, or enter the right markets with the wrong products. It’s also possible that the same data sets can lead to different conclusions in different parts of the world as a result of cultural bias. Further complicating matters, attackers will target data analytics tools to ensure decisions are skewed.

    This webcast will look at the implied threats to Big Data and offer ways of communicating the challenge of effective Big Data analysis and decision making to senior management.
  • Insider Threat Kill Chain: Detecting Human Indicators of Compromise May 8 2014 6:00 pm UTC 60 mins
    In this webinar we will:

    • Discuss how human resources, legal and IT can work together to help prevent insider threats before they become a problem.
    • Identify risk indicators in employee attitudes and behavior and how they correlate with patterns of activity on your network.
    • Show how you can use log intelligence and security analytics to automate actions and alerts and to enable rapid reporting and forensics.
  • Heartbleed Outpatient Care: Steps for Secure Business Recovery Apr 17 2014 6:00 pm UTC 60 mins
    In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
  • AAA: Getting Roadside Assistance from Tripwire Recorded: Apr 2 2014 56 mins
    Tim Masey, Director of Enterprise Information Security at AAA, will share his company’s PCI journey.
    In this Q&A-style webcast you will learn:
    • How to move your PCI efforts from a small tactical implementation to a key critical component of your security posture.
    • How to align your compliance efforts with the needs of the business, which will allow you to gain more resources—financial, human and technical.
    • How to utilize security and policy driven dashboards to get your management’s support.
  • How to Restore Trust After a Breach – Middle East Recorded: Mar 13 2014 39 mins
    Jason Clark, CISSP, Tripwire Technical Manager (Middle East), will be sharing how to achieve trust after a data breach in this UK focused webcast, which will cover crucial questions such as:
    • Which systems can be trusted?
    • What is the extent of the compromise?
    • How quickly can you attain situational awareness?
    Jason will also provide participants with a practical, five-step approach to restore trust in your critical systems after a data breach. Register today to join us for this informative webcast.
  • How to Restore Trust After a Breach – DACH Recorded: Mar 5 2014 52 mins
    Tripwire’s Senior Pre-Sales Consultant, Michael Rohse (DACH), will be sharing how to achieve trust after a data breach in this UK focused webcast, which will cover crucial questions such as:
    • Which systems can be trusted?
    • What is the extent of the compromise?
    • How quickly can you attain situational awareness?
    Michael will also provide participants with a practical, five-step approach to restore trust in your critical systems after a data breach. Register today to join us for this informative webcast.
  • How to Restore Trust After a Breach - UK Recorded: Mar 4 2014 57 mins
    In this webcast, Joel Barnes, UK Senior Systems Engineer, will share how best to achieve trust after a data breach. He’ll cover crucial questions, such as: Which systems can be trusted? What is the extent of the compromise? How quickly can you attain situational awareness? He will also provide participants with an approach to restore trust in your critical systems after a data breach, following five steps:
    1. Know what you have and prioritize by risk levels
    2. Define what “good” looks like
    3. Harvest system state information from your production systems
    4. Perform a reference node variance analysis to identify compromised systems
    5. Remove suspect systems from the environment and return to a trustworthy state
    Join us for this informative webcast!
  • How to Restore Trust After a Breach Recorded: Feb 12 2014 56 mins
    In this webcast, Dwayne Melancon, Tripwire’s Chief Technology Officer, will share how best to achieve trust after a data breach. He’ll cover crucial questions, such as: Which systems can be trusted? What is the extent of the compromise? How quickly can you attain situational awareness? He will also provide participants with an approach to restore trust in your critical systems after a data breach, following five steps:
    1. Know what you have and prioritize by risk levels
    2. Define what “good” looks like
    3. Harvest system state information from your production systems
    4. Perform a reference node variance analysis to identify compromised systems
    5. Remove suspect systems from the environment and return to a trustworthy state
    Join us for this informative webcast!
  • Preparing for PCI DSS v3.0: Advice from the QSA Recorded: Jan 22 2014 57 mins
    As a former QSA and currently a security analyst at The 451 Research, Adrian Sanabria will share a frank viewpoint of how the new version of the Payment Card Industry standard will affect your organization.

    Join us for this webcast and you will:

    • Obtain the point of view from the QSA
    • Learn how PCI DSS 3.0 may affect your Report on Compliance
    • Understand the job of a QSA and the qualities of a good QSA
    • Learn how Tripwire solutions can make the job of the QSA and the PCI audit process easier
  • Vulnerability Voodoo: The Convergence of Foundational Security Controls Recorded: Dec 17 2013 60 mins
    Charles Kolodgy, Research Vice President for IDC's Security Products service, and Edward Smith, Product Marketing Manager at Tripwire, will discuss:

    • Integrating Vulnerability Management with other security controls to improve compliance and security posture
    • Leveraging Vulnerability Management beyond the server room to reduce risk across the entire enterprise
    • Combining business intelligence from Vulnerability Management with other security controls to make better business decisions
  • PCI DSS 3.0: Don't Shortchange Your PCI Readiness Recorded: Dec 16 2013 60 mins
    Join Jeff Hall, CISSP, CISM, CGEIT, PCI-QSA, PCIP and Senior Security Consultant at FishNet Security and Steve Hall, Director of PCI Solutions at Tripwire, to learn how PCI DSS 3.0 will impact your organization and what you need to do:
    • Understanding key themes for PCI DSS 3.0
    • Making sense of the new requirements, guidance, and clarifications
    • What’s changed, what hasn’t, and what will affect merchants and services providers the most
    • Key considerations to ensure you don’t shortchange your audit preparations
  • Reducing Risk Through Effective Vulnerability Management Recorded: Dec 16 2013 33 mins
    Gavin Millard, Tripwire's EMEA Technical Director, will discuss why effective vulnerability management is critical to measuring, managing and reducing your attack surface and how to gain insight from the information Tripwire can provide.
    Topics covered will include
    • Why asset discovery is fundamental to understanding the size and scope of your extended infrastructure
    • How to gain full visibility into where the most vulnerable areas of the infrastructure reside through Tripwire’s market leading scoring approach
    • How to prioritise the hosts within the infrastructure to quickly reduce the risk and gain control of your attack surface
    • What reporting works with management to connect the value of vulnerability management to the business goals of the organisation
  • 2014 IT Security Budget Mistakes to Avoid Recorded: Nov 6 2013 56 mins
    Often during budget cycles, we’re handed a number – no choice or negotiation – this is just all you get. This year however, there are some positive trends in security budget research from Gartner, IDC, Ponemon, and CEB.

    This webcast will show you how to maximize your leverage of increased security spending, list the top three security budget mistakes and offer ideas that may help connect security to your organization’s bottom line.

    Tune in to hear:
    • Positive security budget trends and how to use them to increase your 2014 budget
    • Technology trends and their impact on your security budget
    • Budget presentation ideas for the C-Suite
  • Avoiding Vulnerability Info Overload: How to Prioritize and Respond to Risk Recorded: Oct 16 2013 32 mins
    Lamar Bailey, Tripwire's Director of the Vulnerability & Exposure Research team, will provide you with a better understanding of:
    - Why is the Tripwire Vulnerability scoring so granular?
    - How do we arrive at those scores and why not just use CVSS?
    - What do you mean by business context of measuring risk?
    - How will it help us be more efficient managing risk?
  • Using the SANS Top 4 Controls to Measure and Reduce your Attack Surface Recorded: Oct 4 2013 36 mins
    Please accept our apologies for the technical difficulties encountered with this webinar on Monday. This is now due to take place on Friday 4th October.

    This hour-long webinar, hosted by Gavin Millard, Tripwire's EMEA Technical Director, will discuss:
    • Using the SANS critical controls to understand and reduce your infrastructure's attack surface
    • Profiles of the current ‘threat actors’ and how the 20 CSC can help thwart the most common threats
    • How to measure the effectiveness of controls through metrics to ensure success and investment from the business
  • Strategic Vulnerability Management: Go Beyond Scanning Recorded: Sep 23 2013 55 mins
    Join Rick Holland, Forrester Senior Analyst, and Edward Smith, Product Marketing Manager at Tripwire, to learn how to go beyond scanning to a strategic vulnerability management program.
    In this webcast you’ll learn how a strategic VM program can help you:
    • Go from counting vulnerabilities to accurately measuring, managing, and communicating risk.
    • Understand and classify the assets and vulnerabilities in your environment
    • Triage remediation efforts for more efficient operations

    We hope you will join us.
  • CyberSecurity Awareness and the SANS 20 CSCs Recorded: Sep 12 2013 62 mins
    Join us for this conversational webinar featuring Jane Holl Lute, the new CEO of the Council on Cybersecurity, as she shares her thoughts on the rapidly evolving world of cybersecurity.

    In this webinar, you will learn:
    * How the Council on CyberSecurity will be influencing cybersecurity, the SANS 20 CSC, and how it may affect your organization
    * Suggestions from Jane's experience on threat actors
    * Value your organization may gain from upcoming activities and events involving Council on CyberSecurity
  • TLC 7.0: Creating Confidence through Improved Log Intelligence Recorded: Aug 26 2013 40 mins
    As Security Management solutions evolve to address today’s environment of complex security threats, the need for a log intelligence layer has emerged to provide high speed analysis and filtering of log and event data.

    In this webcast, Steve Hall, Director, Product & Solution Marketing at Tripwire, discusses what’s new with Tripwire Log Center: including the new Advanced Log Collector VIA Agent and the integration of iP360, which intelligently protects critical infrastructure with the correlation of SANS top four security controls.
  • How to Communicate Security Imperatives to the Business Recorded: Aug 7 2013 59 mins
    Global IT executive Jitender Arora and Dwayne Melancon, Tripwire’s CTO, will demonstrate the pitfalls and offer tips and tricks for communicating security initiatives with executives and non-financial stakeholders.
    In this webcast, you will learn how to:
    o Effectively communicate with non-technical executives
    o Align security initiatives with the goals of the business
    o Prioritize security controls to protect what's most important in your organization
    o Continuously measure progress and tie results back to the business objectives
    Join us for this informative—and entertaining—webcast!
  • I Didn't Know Tripwire Owned That! Recorded: Jun 25 2013 45 mins
    Join Bryce Schroeder, Systems Engineer Director of Tripwire, to get an overview of the technology Tripwire recently acquired through the purchase of nCircle.

    Hear why hardware and software discovery is the foundational control to understanding your attack surface and how nCircle's market leading Vulnerability management solutions can help reduce the risk of breach within your infrastructure.

    This 30 minute presentation will include an overview of the extended product portfolio, key advantages to the technology and why the nCircle acquisition complements Tripwire’s portfolio.
  • I Didn't Know Tripwire Owned That! Recorded: Jun 18 2013 38 mins
    Join Gavin Millard, EMEA Technical Systems Director of Tripwire, to get an overview of the technology Tripwire recently acquired through the purchase of nCircle.

    Hear why hardware and software discovery is the foundational control to understanding your attack surface and how nCircle's market leading Vulnerability management solutions can help reduce the risk of breach within your infrastructure.

    This 30 minute presentation will include an overview of the extended product portfolio, key advantages to the technology and why the nCircle acquisition complements Tripwire’s portfolio.
Leading Provider of IT Security and Compliance Automation Solutions
Tripwire’s powerful IT security and compliance automation solutions help businesses and government agencies take control of their IT infrastructure.
  • Title: Getting PCI Compliance Right: Going Beyond the Audit Checklist
  • Live at: Aug 13 2009 4:00 pm
  • Presented by: Dave Taylor of PCI Knowledge Base joins Tripwire’s Ed Rarick