Join John Hetherton (QSA) of Espion and Gordon Caulfield (SME) of Qualys as they discuss the key changes in PCI DSS Version 3.0, examine penetration testing methodology from the auditor’s point of view, and explain how you can maintain compliance.
In 2014, (ISC)2 and Bit9, along with the PCI Security Standards Council, hosted two webcasts looking at PCI and how to keep up with changes and threats to point of sale (POS) systems. With high-profile data breaches leading the 24-hour news cycle, PCI compliance is still front and center. Join (ISC)2 and Bit9, as well as the PCI Security Standards Council, for our first roundtable of the New Year on January 22, 2015 at 1:00pm Eastern to discuss what's new with PCI and the challenges of securing cardholder data across POS systems, kiosks, mobile applications and more.
Get the “must know” details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0. PCI expert, Didier Godart, explains:
- Which changes are most significant
- How the changes will impact you & what actions you need to take
- How to incorporate the updates into your priorities
The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and, importantly, necessary action from IT and security teams.
The perfect storm is forming. Windows XP has officially been retired. Point-of-Sale devices, as well as other fixed-function devices, are under constant attack. And the deadline to adopt and implement PCI DSS 3.0 is less than 9 months away. The challenges each of these realities poses are manageable in a vacuum, but their pending collision puts you and your organization in the cross-hairs of your board of directors, audit committee, management team, acquirer, and worst of all, the cyber criminals chasing your customers' PII.
Join Bit9 and (ISC)2 on June 5, 2014 at 1PM Eastern for a discussion involving PCI DSS 3.0 adoption, coordinating Windows XP compensating controls and locking down POS devices against malware.
The official release of PCI DSS v3.0 is here, now what?
Voltage Security have invited a PCI DSS QSA to assist you with your PCI challenges by providing recommendations on how to execute a seamless upgrade from PCI DSS version 2.0 to 3.0. Find out why it's no longer acceptable to strive for compliance over real-time security. And learn how the new standard brings a whole new meaning to 'business as usual'.
Learn about these important changes and how they affect your business:
- PCI DSS 3.0 – Business as Usual
- PCI DSS 3.0 – Template Changes
- PCI DSS 3.0 – Scope
- PCI DSS 3.0 – Phase-in Requirements
- PCI DSS 3.0 – New Reporting Template
Find out why the new standard can help you make PCI DSS part of your business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
The number one question on people's minds is: Can I be PCI Compliant in the Cloud? Organizations are planning to spend millions of dollars on migrating to a variety of public/private cloud combinations, and the lingering question is how compliance will impact these plans.
The information in the public domain is rather sketchy on how PCI compliance will impact a migration to the cloud. This presentation will cover the various implementations of cloud computing, including Platform, Infrastructure, and Application as a service models. A key component of PCI DSS compliance is the relationship with third parties, and as such we will also discuss the variance of compliance with public and private clouds.
Organizations outsourcing card data to the cloud face significant security risks. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for the PCI Data Security Standard (PCI DSS). And as soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI DSS becomes increasingly challenging.
In this new environment, cloud users and cloud service providers need to clearly understand what their roles and responsibilities are when it comes to protecting this data. Organizations need to know where their data is at all times, yet they have limited or no control over cardholder data storage. These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. In this webcast, our panel will address ways to navigate the main PCI security challenges in the cloud, and attendees will gain insights on:
- Emerging PCI security risks in the cloud
- Processes for assessing risk when card data could potentially be stored in multiple locations
- Recommendations for achieving PCI compliance across virtual environments
- How to use a data-centric approach to maintain PCI scope management
This session will provide an update on PCI Standards, guidance and new programs for 2013 and strategies for how organizations can take advantage of new technologies and advances in payments to secure cardholder data in the future.
Learn how to take control of your data by using advanced encryption, centralized key management and cutting-edge access controls and policies. In this session, Imam Sheikh, Dir. Product Management at Vormetric, and Tricia Pattee, HOSTING Product Manager, will discuss how to proactively address PCI Compliance in the cloud, protect intellectual property and comply with data privacy and system integrity regulations. Join this informative webinar to learn about HOSTING and Vormetric data encryption security solutions and best practices that have helped leading Fortune 500 businesses protect their sensitive data across their private, public and hybrid cloud environments!
What you'll learn:
• How data encryption helps prevent data breaches
• How to address PCI compliance requirements in the cloud
• How to safeguard cardholder information that is stored in a variety of different databases and versions
• The HOSTING and Vormetric approach to securing data in motion and at rest
Abstract: Demonstrating compliance with PCI DSS is far from a trivial exercise. With the deadline for complying with the new PCI DSS 3.0 requirements coming up soon, are you sure you can document your compliance? Join us for this demo-based customer training where we will show you how to get the most out of USM for your PCI DSS compliance efforts, and your overall security posture.
- Core USM capabilities that map to specific PCI DSS requirements
- NEW PCI DSS reports added in the latest product release
- Specific use cases illustrating how to use USM to ensure compliance and improve security
Just about every company is conducting commerce over the internet. Because of this, compliance with the Payment Card Industry Data Security Standard 2.0 (PCI DSS) has become a concern all the way to the boardroom. Yet, as we know from ongoing headlines, data breaches are still happening. And on top of that, new threats and technologies are being introduced every day. What can your organization do to streamline the process, mitigate the problem and protect your company and your customers from data breach? Join (ISC)2 and Voltage Security along with FishNet Security on January 24, 2013 for our first ThinkTank Roundtable of the New Year as we discuss PCI and solutions to this important multi-faceted issue of payment security in a changing world.
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations who process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
In a landscape filled with new threats and new regulations, risk management has never been more critical. On this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk, enable compliance, and are all the more important – especially if potentially insecure transfer methods will continue to be used through mid-2018.
Too many organizations have their administrators running on the Patching Wheel of Death. PCI DSS says all vendor critical patches must be installed within 30 days, right? Wrong. Looking more closely at the PCI standard shows that it actually mandates a risk-based approach to patching.
In this presentation, an experienced PCI QSA discusses how organizations that patch frequently and rely solely on vulnerability scanner or vendor recommendations are actually less PCI compliant. The wasted time spent on unnecessary patching could be better spent on more important ongoing compliance activities and long-term fixes. An alternative approach is presented, showing how even applying simple contextual criteria when evaluating patches (in accordance with PCI DSS recommendations) can eliminate over 50% of monthly patch installations.