Version 3.2 of the PCI DSS (Payment Card Industry Data Security Standard) has been announced - organizations that must comply need to understand the changes and their implications. Join our webinar to learn more about why it was released so quickly and how you can better prepare your organization.
• The scope of the new PCI DSS version 3.2
• What does it mean for your business?
• Why should you implement the changes, even if they are not mandatory?
• What may come in the near future?
Join Alexander Norell, Director of Global Risk and Compliance Services at Trustwave, as he shares his insider view of what you can expect at the upcoming 2016 Payment Card Industry Security Standards Council (PCI SSC) Europe Community Meeting in October.
Alexander’s findings will be based on what he learns from his attendance at the North America Community Meeting and his insight as a subject matter expert on PCI compliance.
During the webinar, Alexander will:
• Alert you to trending topics and their implications
• Share takeaways from participants as well as SSC leaders
• Analyse the impact to the European community
Version 3.2 of the PCI DSS (Payment Card Industry Data Security Standard) has already been announced – organizations need to understand the changes and their implications. Join us to learn more about why it was released so quickly and how you can prepare your organization.
Join this webinar to learn about:
• The scope of the new PCI DSS version 3.2
• What does it mean for your business?
• Why should you implement these changes, even if they are not mandatory?
• What may come in the near future?
With more and more organisations using the services of a cloud provider, what impact does this have on securing Cardholder Data? This presentation will give a general overview of the PCI SSC, and then focus specifically on the issues relating to storing data in the cloud. In particular, it will look at the key issues of “Who is responsible?” and “What happens when there is a data breach?”. In addition, the presentation will look briefly at the impact of the recent GDPR on cloud storage and cloud providers.
Join John Hetherton (QSA) of Espion and Gordon Caulfield (SME) of Qualys as they discuss the key changes in PCI DSS Version 3.0, examine penetration testing methodology from the auditor’s point of view, and how you can maintain compliance.
In 2014, (ISC)2 and Bit9, along with the PCI Security Standards Council, hosted two webcasts looking at PCI and how to keep up with changes and threats to point of sale (POS) systems. With high profile data breaches leading the 24 hour news cycle, PCI compliance is still front and center. Join (ISC)2, Bit9 as well as the PCI Security Standards Council for our first roundtable of the New Year on January 22, 2015 at 1:00pm Eastern to discuss what's new with PCI and the challenges of securing cardholder data across POS systems, kiosks, mobile applications and more.
Get the “must know” details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0. PCI expert, Didier Godart, explains:
- Which changes are most significant
- How the changes will impact you & what actions you need to take
- How to incorporate the updates into your priorities
The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and, importantly, necessary action from IT and security teams.
The perfect storm is forming. Windows XP has officially been retired. Point-of-Sale devices, as well as other fixed-function devices, are under constant attack. And the deadline to adopt and implement PCI DSS 3.0 is less than 9 months away. The challenges each of these realities poses are manageable in a vacuum but their pending collision puts you and your organization in the cross-hairs of your board of directors, audit committee, management team, acquirer, and worst of all, the cyber criminals chasing your customers' PII.
Join Bit9 and (ISC)2 on June 5, 2014 at 1PM Eastern for a discussion involving PCI DSS 3.0 adoption, coordinating Windows XP compensating controls and locking down POS devices against malware.
How mobile and distributed POS systems are making PCI security harder than ever.
Reports of data breaches against merchants targeting Point of Sale (POS) systems at retail locations have become a regular occurrence for the past several years, and there seems to be no slowing down.
Alternative payment methods using various mobile applications and mobile POS solutions are growing in popularity and are also intended to reduce data theft, but does using these payment methods introduce other avenues of potential compromise?
What We're Going to Cover
- How do I maintain PCI security while adopting new payment systems?
- How do you achieve this with minimal IT staff and on-premises headcount?
- Why being PCI COMPLIANT is not enough anymore. You need to be PCI SECURE and we'll show you how
About Jeff Man:
Jeff Man is a respected Information Security expert, adviser, and evangelist. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing.
Earlier in his career, Jeff held security research, management and product development roles with NSA, the DoD and private-sector enterprises. Jeff served as a QSA for nearly 10 years, first with Trustwave, then with VeriSign and finally AT&T Consulting. In this role he has provided PCI consulting and advisory services to many of the nation's best known brands.
The official release of PCI DSS v3.0 is here, now what?
Voltage Security have invited a PCI DSS QSA to assist you with your PCI challenges by providing recommendations on how to execute a seamless upgrade from PCI DSS version 2.0 to 3.0. Find out why it's no longer acceptable to strive for compliance over real-time security. And learn how the new standard brings a whole new meaning to 'business as usual'.
Learn about these important changes and how they affect your business:
- PCI DSS 3.0 – Business as Usual
- PCI DSS 3.0 – Template Changes
- PCI DSS 3.0 – Scope
- PCI DSS 3.0 – Phase-in Requirements
- PCI DSS 3.0 – New Reporting Template
Find out why the new standard can help you make PCI DSS part of your business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Organizations outsourcing card data to the cloud face significant security risks. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for the PCI Data Security Standard (PCI DSS). And as soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI DSS becomes increasingly challenging.
In this new environment cloud users and cloud service providers need to clearly understand what their roles and responsibilities are when it comes to protecting this data. Organizations need to know where their data is at all times yet they have limited or no control over cardholder data storage. These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. In this webcast our panel will address ways to navigate the main PCI security challenges in the cloud, and attendees will gain insights on:
- Emerging PCI security risks in the cloud
- Processes for assessing risk when card data could potentially be stored in multiple locations
- Recommendations for achieving PCI compliance across virtual environments
- How to use a data-centric approach to maintain PCI scope management
The number one question on people's minds is: Can I be PCI Compliant in the Cloud? Organizations are planning to spend millions of dollars on migrating to a variety of public/private cloud combinations and the lingering question is how compliance will impact these plans.
The information in the public domain is rather sketchy on how PCI compliance will impact a migration to the cloud. This presentation will cover the various implementations of cloud computing including: Platform, Infrastructure, and Application as a service models. A key component of PCI DSS compliance is the relationship with third parties and as such we will also discuss the variance of compliance with public and private clouds.
With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
- Ben Rothke, Senior eGRC Consultant at Nettitude Ltd.
- David Mundhenk, CISSP, PCIP, QSA (P2PE), PA-QSA (P2PE), Sr Consultant at an unnamed GRC consulting firm
- Arthur Cooper "Coop", Sr Security Consultant at NuArx Inc.
- Jim Seaman MSc, CCP, CISM, CRISC, QSA, M.Inst.ISP, Security Consultants Team Lead at Nettitude, Ltd.
This session will provide an update on PCI Standards, guidance and new programs for 2013 and strategies for how organizations can take advantage of new technologies and advances in payments to secure cardholder data in the future.
Learn how to take control of your data by using advanced encryption, centralized key management and cutting edge access controls and policies. In this session, Imam Sheikh, Dir. Product Management at Vormetric, and Tricia Pattee, HOSTING Product Manager will discuss how to proactively address PCI Compliance in the cloud, protect intellectual property and comply with data privacy and system integrity regulations. Join this informative webinar to learn about HOSTING and Vormetric data encryption security solutions and best practices that have helped leading Fortune 500 businesses protect their sensitive data across their private, public and hybrid cloud environments!
What you'll learn:
• How data encryption helps prevent data breaches
• How to address PCI compliance requirements in the cloud
• How to safeguard cardholder information that is stored in a variety of different databases and versions
• The HOSTING and Vormetric approach to securing data in motion and at rest
Abstract: Demonstrating compliance with PCI DSS is far from a trivial exercise. With the deadline for complying with the new PCI DSS 3.0 requirements coming up soon, are you sure you can document your compliance? Join us for this demo-based customer training where we will show you how to get the most out of USM for your PCI DSS compliance efforts, and your overall security posture.
- Core USM capabilities that map to specific PCI DSS requirements
- NEW PCI DSS reports added in the latest product release
- Specific use cases illustrating how to use USM to ensure compliance and improve security