Version 3.2 of PCI DSS (Payment Card Industry Data Security Standard) has been announced, and organizations that must comply need to understand the changes and their implications. Join our webinar to learn more about why it was released so quickly and how you can better prepare your organization.
• The scope of the new PCI DSS 3.2 version
• What does it mean for your business?
• Why should you implement the changes even if they are not mandatory?
• What may come in the near future?
You’ve fulfilled the minimum requirements to comply with PCI DSS. But guess what? You still might be vulnerable to a credit card data breach. As we’ve witnessed with recent high-profile cases, companies that are PCI compliant are not necessarily immune to attacks.
So if compliance isn’t enough to guarantee security, how do companies minimize the risk of a data breach?
Join us for a one-hour webinar led by Paul Calatayud, chief information security officer at SureScripts and information security instructor for the SANS Institute. This free session will explain why compliance doesn’t necessarily mean your organization’s PCI data is secure.
The session will also cover the following areas:
Determining who’s responsible for PCI security
Third-party security practices
How a risk-based security approach augments compliance
In today’s cyber environment, IT infrastructures are constantly threatened by cybercriminals and malicious actors. According to a 2017 report by the U.S. Chamber of Commerce, “Conservative estimates put the global economic toll of cybercrime at $375 billion dollars.” Organizations like the Payment Card Industry Security Standards Council exist to develop standards to help protect sensitive and valuable data from such threats. Navigating the landscape of the PCI Data Security Standard recommendations and requirements can be difficult, especially when applying these standards to new and emerging technologies like containers and micro-services.
In this session, Coalfire, a respected PCI qualified security assessor company, and Red Hat will discuss PCI DSS, containers, and how a container platform helps support PCI DSS compliance.
The deadline to comply with Payment Card Industry Data Security Standard (PCI DSS) 3.2 is quickly approaching, leaving many businesses scrambling to understand and meet compliance requirements. Join us for an hour and learn more about the mandate and how you can prepare and be ready by February 2018.
This webinar will discuss and provide helpful information on the upcoming mandate including:
• Overview of PCI DSS 3.2
• What is new in PCI DSS 3.2 and what that means for your business
• Comprehensive solutions that will help you ensure compliance
• Mapping solutions to the needs of your department
Please visit our BrightTalk channel to register for the webinar.
Join Alexander Norell, Director of Global Risk and Compliance Services at Trustwave, as he shares his insider view of what you can expect at the upcoming 2016 Payment Card Industry Security Standards Council (PCI SSC) Europe Community Meeting in October.
Alexander’s findings will be based on what he learns from his attendance at the North America Community Meeting and his insight as a subject matter expert on PCI compliance.
During the webinar, Alexander will:
• Alert you to trending topics and their implications
• Share takeaways from participants as well as SSC leaders
• Analyse the impact to the European community
Version 3.2 of PCI DSS (Payment Card Industry Data Security Standard) has already been announced, and organizations need to understand the changes and their implications. Join to learn more about why it was released so quickly and how you can prepare your organization.
Join this webinar to learn about:
• The scope of the new PCI DSS 3.2 version
• What does it mean for your business?
• Why should you implement these changes even if they are not mandatory?
• What may come in the near future?
With more and more organisations using the services of a cloud provider, what impact does this have on securing Cardholder Data? This presentation will give a general overview of the PCI SSC, and then focus specifically on the issues relating to storing data in the cloud. In particular, it will look at the key issues of “Who is responsible?” and “What happens when there is a data breach”. In addition, the presentation will look briefly at the impact of the recent GDPR on cloud storage and cloud providers.
Join John Hetherton (QSA) of Espion and Gordon Caulfield (SME) of Qualys as they discuss the key changes in PCI DSS Version 3.0, examine penetration testing methodology from the auditor’s point of view, and how you can maintain compliance.
In 2014, (ISC)2 and Bit9, along with the PCI Security Standards Council, hosted two webcasts looking at PCI and how to keep up with changes and threats to point of sale (POS) systems. With high profile data breaches leading the 24 hour news cycle, PCI compliance is still front and center. Join (ISC)2, Bit9 as well as the PCI Security Standards Council for our first roundtable of the New Year on January 22, 2015 at 1:00pm Eastern to discuss what's new with PCI and the challenges of securing cardholder data across POS systems, kiosks, mobile applications and more.
PCI just made changes to the MFA requirements.
With rapid cloud adoption, how do companies protect data, secure access & keep employees productive all while meeting compliance requirements?
- Learn the scope of the new and future Payment Card Industry MFA & SSL (PCI) requirements
- Understand common ways to comply & why companies fall out of compliance
- Review best practices to secure access to your data
Get the “must know” details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0. PCI expert, Didier Godart, explains:
Which changes are most significant
How the changes will impact you & what actions you need to take
How to incorporate the updates into your priorities
The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly – necessary action from IT and security teams.
Out of nearly 300 payment card data breaches investigated by Verizon between 2010 and 2016, not one of the organizations was fully PCI DSS compliant at the time of their breach. When organizations start with a robust security program, the PCI DSS compliance they achieve is supported by a program that allows them to maintain that compliance and be in the best position to secure their customers’ information. Without the proper security tools and expertise in place, businesses expose themselves to the risks of damage to their reputation, brand, and financial health. So how do you stay on top of PCI compliance?
We sit down with Mike Santimaw, Vice President of Information Security, Innovation Labs & Corporate Solutions at Rent-A-Center, as he discusses the PCI challenges faced when making the business transition to a cloud-first approach. You’ll gain first-hand experience on the steps taken to maintain compliance for their digital presence and in over 3,000 stores across North America, while enabling customer experience innovation.
Claim your spot and learn about:
• The business consequences and impact when not PCI DSS compliant
• The key steps for maintaining an effective security program and PCI compliance in a hybrid environment
• The benefits to leveraging managed security for compliance mandates
The perfect storm is forming. Windows XP has officially been retired. Point-of-Sale devices, as well as other fixed-function devices, are under constant attack. And the deadline to adopt and implement PCI DSS 3.0 is less than 9 months away. The challenges each of these realities poses are manageable in a vacuum, but their pending collision puts you and your organization in the cross-hairs of your board of directors, audit committee, management team, acquirer, and worst of all, the cyber criminals chasing your customers' PII.
Join Bit9 and (ISC)2 on June 5, 2014 at 1PM Eastern for a discussion involving PCI DSS 3.0 adoption, coordinating Windows XP compensating controls and locking down POS devices against malware.
How mobile and distributed POS systems are making PCI security harder than ever.
Reports of data breaches against merchants targeting Point of Sale (POS) systems at retail locations have become a regular occurrence for the past several years, and there seems to be no slowing down.
Alternative payment methods using various mobile applications and mobile POS solutions are growing in popularity and are also intended to reduce data theft, but does using these payment methods introduce other avenues of potential compromise?
What We're Going to Cover
- How do I maintain PCI security while adopting new payment systems?
- How do you achieve this with minimal IT staff and on premise head count?
- Why being PCI COMPLIANT is not enough anymore. You need to be PCI SECURE and we'll show you how
About Jeff Man:
Jeff Man is a respected Information Security expert, adviser, and evangelist. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing.
Earlier in his career, Jeff held security research, management and product development roles with NSA, the DoD and private-sector enterprises. Jeff served as a QSA for nearly 10 years, first with TrustWave, then with VeriSign and finally AT&T Consulting. In this role he has provided PCI consulting and advisory services to many of the nation's best known brands.
The official release of PCI DSS v3.0 is here, now what?
Voltage Security have invited a PCI DSS QSA to assist you with your PCI challenges by providing recommendations on how to execute a seamless upgrade from PCI DSS version 2.0 to 3.0. Find out why it's no longer acceptable to strive for compliance over real-time security. And learn how the new standard brings a whole new meaning to 'business as usual'.
Learn about these important changes and how they affect your business:
- PCI DSS 3.0 – Business as Usual
- PCI DSS 3.0 – Template Changes
- PCI DSS 3.0 – Scope
- PCI DSS 3.0 – Phase-in Requirements
- PCI DSS 3.0 – New Reporting Template
Find out why the new standard can help you make PCI DSS part of your business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Organizations outsourcing card data to the cloud face significant security risks. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for the PCI Data Security Standard (PCI DSS). And as soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI DSS becomes increasingly challenging.
In this new environment cloud users and cloud service providers need to clearly understand what their roles and responsibilities are when it comes to protecting this data. Organizations need to know where their data is at all times yet they have limited or no control over cardholder data storage. These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. In this webcast our panel will address ways to navigate the main PCI security challenges in the cloud, and attendees will gain insights on:
- Emerging PCI security risks in the cloud
- Processes for assessing risk when card data could potentially be stored in multiple locations
- Recommendations for achieving PCI compliance across virtual environments
- How to use a data-centric approach to maintain PCI scope management
The number one question on people's minds is: Can I be PCI Compliant in the Cloud? Organizations are planning to spend millions of dollars on migrating to a variety of public/private cloud combinations, and the lingering question is how compliance will impact these plans.
The information in the public domain is rather sketchy on how PCI compliance will impact a migration to the cloud. This presentation will cover the various implementations of cloud computing, including Platform, Infrastructure, and Application as a service models. A key component of PCI DSS compliance is the relationship with third parties, and as such we will also discuss the variance of compliance with public and private clouds.
With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
- Ben Rothke, Senior eGRC Consultant at Nettitude Ltd.
- David Mundhenk, CISSP, PCIP, QSA (P2PE), PA-QSA (P2PE)
Sr Consultant at an unnamed GRC consulting firm
- Arthur Cooper "Coop", Sr Security Consultant at NuArx Inc.
- Jim Seaman MSc, CCP, CISM, CRISC, QSA, M.Inst.ISP
Security Consultants Team Lead at Nettitude, Ltd.