Hi [[ session.user.profile.firstName ]]

Can PCI Compliance be Harmful to Your Security Initiative?

Can PCI Compliance be Harmful to Your Security Initiative? Understand and Navigate Compliance in the Real World:

PCI Compliance is necessary, but can it be harmful to your security? Does the prescriptive nature of the PCI regulations make enterprises spend money on controls that might be handled in a different way? Could this also cost the enterprise in capital and operational dollars that might be spent elsewhere? PCI Council General Manager Bob Russo's has defined PCI Compliance as a structured "blend...[of] specificity and high-level concepts" that allows "stakeholders the opportunity and flexibility to work with Qualified Security Assessors (QSAs) to determine appropriate security controls within their environment that meet the intent of the PCI standards." The question is how do you define and create the right structured blend for your organization?

This webinar will help you to understand the difference between meeting a regulation and executing on a well-defined and successful Software Security Assurance program. Attendees will gain an understanding of common pitfalls in navigating the compliance focused enterprise and walk away with directives on how to create a secure environment while maintaining compliance.
Recorded Dec 1 2011 46 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ken Swain – Engagement Manager and Senior Security Engineer, HP
Presentation preview: Can PCI Compliance be Harmful to Your Security Initiative?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Effective Application Security Testing at DevOps Speed: Get Started Recorded: Mar 30 2017 56 mins
    James Rabon, Fortify Product Mgr/Security Specialist, HPE and Poonam Yadav, Fortify Product Mgr/Security Specialist, HPE
    Is your business challenged with competing priorities and resources when it comes to application security testing and the need for more rapid application development? Are you impacted by costly and cumbersome remediation of security issues? In a world of competing requirements, how can your application security keep up with the rapid pace of development, and still remain effective?

    Learn how some of the most advanced and innovative application security customers tackle this problem by:

    • Using automation - where modern security tools are being included in the “treat infrastructure as code” mantra

    • Making static and dynamic analysis of applications more efficient and effective

    • Integrating application security throughout the software development lifecycle (using a DevOps toolchain)

    • Gaining visibility and insights into production application behavior and exploits via low-impact Continuous Monitoring

    • Protecting security flaws in production to buy time for true remediation
  • Five Steps to start and build an AppSec Program Recorded: Mar 1 2017 25 mins
    David Harper, Fortify on Demand Practice Principal, EMEA, HPE
    Whether a mandate to secure all web and mobile apps comes from a newly enlightened CIO or in response to a major security breach, beginning even a small application security program can be a daunting task. How will you know how many digital assets you have, let alone their risk profile?

    In this webinar we will explore how, using a cloud solution like Fortify on Demand, even the largest organizations can begin to scan apps immediately and rapidly scale an application security program. Identify and risk rank assets, fix critical vulnerabilities, and put in place a process to secure all new and existing applications - without hiring a separate security team.
  • The True State of Security in DevOps and Expert Advice on How to Bridge the Gap Recorded: Jan 26 2017 56 mins
    Stan Wisseman, Security Strategist, Security & Information Governance, HPE and Jeff Payne, CEO and Founder, Coveros
    Rapid application delivery is dramatically transforming how software is created and delivered, pushing the limits on the speed and innovation required of development teams. If you are wondering how this change in culture, process and operations affects Application Security, you are not alone.

    HPE research reveals that while fully mature DevOps programs are rare, well over half of organizations surveyed are implementing key DevOps methodologies such as Automated Testing and Frequent Delivery. And while most agree that this presents an opportunity to integrate Application Security methodologies – that is not the reality. In fact, only 20% of organizations cite Static Testing during the coding process.

    Join HPE and Coveros to discuss practical advice that DevOps and Application Security Teams, of any maturity level, can take away from these findings and begin to build a roadmap for building security into every step of the SDLC, from coding through production.
  • Protection inside out - how HPE Application Defender changes the AppSec game Recorded: Nov 16 2016 35 mins
    Emil Kiner, Product Manager, Fortify
    Runtime Application Self-Protection (RASP) is growing in popularity as a scalable solution to protect apps from software vulnerabilities in real-time while providing pan-enterprise visibility. As application security and software development organizations use RASP to accurately and safely mitigate the risk of apps in production, security monitoring groups leverage the technology to gain centralized, real-time visibility into use and abuse. Learn about Application Defender’s signature-less detection strategy and how it integrates with your SIEM.
  • Two Breakthrough innovations that Power HPE Security Fortify Webinspect Recorded: Nov 9 2016 45 mins
    Nidhi Shah, Lead Researcher, Software Security Research & Sasi Siddharth Muthurajan, Sr Researcher, Applied Security Research
    Recent innovations in HPE Security Fortify WebInspect have enabled the automated detection of complex vulnerabilities. Hear about two recently patented technologies—multi-credential audit and login macro analysis—that enable the detection of privilege escalation, weak passwords and inconsistent authentication feedback. See critical issues such as unsafe Java deserialization, reflected file download and XML entity expansion. Learn about these vulnerabilities and ways to use WebInspect to detect them.
  • HPE Security Fortify SCA and SSC, new features to power a DevOps SDLC Recorded: Oct 26 2016 27 mins
    Michael Right, Sr Product Manager, Fortify and Emil Kiner, Product Manager, Fortify
    As threats evolve, so must application security. HPE Security Fortify continues to create and pioneer new features and functionality to further automate and streamline your app security testing program. Learn about new static scanning advances that align with DevOps requirements. Hear how scan analytics can further enhance and refine advanced auditing processes to increase the relevancy of security scan results.
  • The Fortify Ecosystem: Seamless integration into the development toolchain Recorded: Oct 18 2016 38 mins
    Scott Johnson, Director of Product Management, Fortify
    Application security tools are best used when they are naturally integrated into the SDLC workflow. With integrations spanning all stages of development, deployment and production, the HPE Security Fortify suite uses open APIs to embed application security testing into the development tool chain.
  • Get to know your apps by implementing Continuous Application Monitoring Recorded: Sep 28 2016 32 mins
    Dylan Thomas, Senior Product Manager, HPE Security Fortify
    As application security moves into the realm of monitoring and protecting applications in production, it’s becoming even more critical to adopt solutions that are automated, continuous and natural. New technology innovations from HPE Security Fortify enable practitioners to continuously discover, profile and assess application portfolios of all sizes.
  • Application Security Monitoring Via The SOC Recorded: Apr 28 2016 22 mins
    Emil Kiner, HPE Product Manager
    Application Defender can provide consistent and centralized logging of application use and abuse to SOCs or others tasked with Security Monitoring. Learn about the Application Logging categories and use cases that will enable you to gain visibility into application activity across the whole enterprise without changing source or parsing logs.
  • SAP ensures applications are secure against data breaches using HPE Fortify Recorded: Apr 6 2016 57 mins
    Barbara Kohde, HPE
    While the value of your information is growing, security threats such as attacks or information theft are making headline news every day and becoming more serious. With SAP and HPE customers investing significantly in mobile solutions, web applications, and customization, it is critical now more than ever to invest in application security solutions.

    Did you know?

    43% of companies had a data breach in the past 2 years
    84% of breaches occur at the application layer
    75% of mobile applications fail basic security tests
    It is 30x more expensive to fix issues in production than while in project phase

    Please join this webinar where our presenter will share the current application security vulnerability situation, common challenges and the approach SAP has taken to ensure application security of its software using HPE Fortify solution.
  • Lacking in appsec resources? You’re not alone. Recorded: Mar 30 2016 46 mins
    Coffee Talk with Michael Farnum, Practice Principle at Fortify on Demand
    The number of applications has increased considerably and organizations are finding they do not have the time, let alone the expertise and resources, to manage an appsec program. In this Coffee Talk, we will make you aware of options available so you can ensure the applications your business depends on, are secure. HPE Security Fortify on Demand is a managed service that allows your organization to stay on top of security vulnerabilities and the latest threats, without the stressors of doing it all yourself.
  • DAST Concepts and Practices Recorded: Feb 1 2016 22 mins
    Jonathan Griggs, Product Manager for HPE Security WebInspect
    The world of web development has evolved and the tactics for securing it have advanced as well. Join Jonathan Griggs, the product manager for HPE Security WebInspect and WebInspect Enterprise, as he covers the concepts and practices around using a dynamic application security testing tool in a modern software security assurance program.
  • 6th Annual Ponemon Cost of Cyber Crime Global Study Results Recorded: Dec 10 2015 45 mins
    Dr. Larry Ponemon, chairman and founder of the Ponemon Institute
    On average, the 58 United States companies participating in the 2015 Cost of Cyber Crime study lost $15 million due to cyber crime, an increase of 19 percent from $12.7 million in last year's study. And other countries are close behind. These are results from the recently completed Ponemon Institute 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction.

    For a fuller look at these and other findings from the institute’s study, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn:

    -What cyber crimes are most common and most costly
    -The hidden internal and external costs you incur
    -What security defenses are most effective in reducing losses
    -How businesses with a strong security posture drive down costs
  • Static Application Security Testing (SAST) Recorded: Nov 2 2015 26 mins
    Andy Earle, Security Solution Architect
    With cyber crime becoming more frequent and sophisticated, Static Application Security Testing (SAST) is an increasingly vital activity for an organization. Web applications and software are prime targets for hackers. SAST can help organizations find and fix vulnerabilities in their applications not only at testing, but early in the development lifecycle. In this brief, I will discuss how an effective SAST program can not only reduce risk, but also scale and augment other security efforts, saving time and money in the long run.
Proactively Securing Software for the Enterprise.
Listen to experts from HPE Security, partners and customers discuss pressuring issues across application security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Can PCI Compliance be Harmful to Your Security Initiative?
  • Live at: Dec 1 2011 6:00 pm
  • Presented by: Ken Swain – Engagement Manager and Senior Security Engineer, HP
  • From:
Your email has been sent.
or close