PCI 4.0 So What? How to Centre your PCI Programme Around your Business Objective

SureCloud will explore the challenges that organisations face when achieving and maintaining compliance with PCI DSS, with a particular focus on how organisations can design and deploy a programme that aligns with wider business objectives and embeds compliance activities into business operations. With headlines focusing on the evolution of PCI DSS 4.0, our session will target all levels of stakeholder involvement in the management of PCI compliance. Using our experience of delivering compliance applications, as an Approved Scanning Vendor, a penetration testing provider and critically from the experience of our ex-QSAs, we will share some of the shortfall’s that organisations have experienced, particularly focusing on the people, process and technologies critical in protecting an organisations’ payment channels. Craig is responsible for SureCloud’s Risk Advisory Practice including engagement scoping, consultancy delivery and client relationships. Craig has experience in leading and delivering complex cyber security solutions aligned to strategic business objectives. Craig has broad cyber security experience including a strong technical, software development and project management background, with particular strengths in the areas of information risk management, PCI DSS, strategic planning and business auditing. (The session will be structured around our case study organisation, Bananas to help bring this use case to life.) Key session takeaways: •Understand some of the business challenges that organisations face when implementing and maintaining a PCI compliance programme. •Gain real-world insight into the compliance management shortfalls and lessons learned by other organisations. •Reflect on how the next release of the PCI DSS 4.0 provides an opportunity for organisations. •Learn how to gain visibility of compliance using metrics and automation.