Payment Card Industry Data Security Standard (PCI DSS) webinar series
Despite the prospect of fines and penalties, many merchants are not PCI-compliant. There are many reasons for this, including a lack of awareness, inadequate scoping of the cardholder data environment (CDE) and underestimating the technical complexity of the Standard.
Protect profits by managing payment card risk
The penalties for failing to take adequate precautions are about to get worse for many organizations. Under new EU legislation, an organization that suffers a breach of cardholder data that includes any information that could be used to identify the individual is likely to be liable under both the PCI DSS and the General Data Protection Regulation (GDPR).
To support organizations in their PCI DSS projects, IT Governance has launched a series of webinars to help them manage and reduce their payment card risk.
September 26, 2018, 10:00 am to 11:00 am (EDT)
Requirement 12 of the PCI DSS requires organisations to actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures aligned with the results of regular risk assessments.
Security technologies can only go so far in protecting an organisation and helping maintain compliance. Policies are needed to address the weak link in security: people.
If people don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else as they provide direction and instruction, and assign responsibility.
Join our QSAs to understand how to develop PCI policies, including:
- The differences between a policy, a form and a procedure;
- How to identify which policies and clauses you need to address; and
- How to clearly state the tasks and responsibilities your company has when handling payment card data.
October 25, 2018, 10:00 am to 11:00 am (EDT)
PCI DSS compliance, especially for RoCs and some SAQs, requires internal and external vulnerability scans, and frequent penetration tests.
Payment card data is a prized commodity for cyber criminals and is usually the main target of attacks against commercial environments. Indeed, the 2017 Trustwave Global Security Report found that more than half of the incidents investigated targeted payment card data.
Penetration testing has long been used to help prevent data breaches, understand security weaknesses and test security controls.
This webinar will cover:
- The Standard’s requirements for security testing;
- The differences between a penetration test and a vulnerability assessment;
- The PCI DSS v3.2 requirements for penetration testing and segmentation; and
- How to conduct a penetration testing programme.
December 12, 2017, 10:00 am to 11:00 am (EDT)
This webinar outlines the 12 requirements of the PCI DSS relating to the storage, transmission and processing of cardholder data.
We outline the major PCI DSS challenges faced by merchants, and offer recommendations to help achieve and maintain PCI DSS compliance more effectively. Our consultants will also explain how complying with the PCI DSS can help you meet the requirements of the GDPR. We’ll introduce a set of controls for keeping cardholder data secure, and explain how technologies, processes and procedures can help protect personal data.
Join our Qualified Security Assessor (QSA) to get an overview of the PCI DSS and how it applies to your organization:
- The basics of the PCI DSS and the steps to becoming compliant.
- The biggest payment security challenges facing organizations.
- QSA insight to help you achieve and maintain compliance.
- How the PCI DSS can help you meet the requirements of the GDPR.
January 17, 2018, 10:00 am to 11:00 am (EDT)
This webinar has been developed to help organisations effectively prepare for a PCI audit and ensure a successful outcome. Although this webinar focuses on organisations that must undergo a PCI audit, many of the steps are relevant to any organisation that needs to meet the requirements of the PCI DSS.
Organisations preparing for a PCI audit can avoid the common pitfalls and oversights that could mean failing it, which would result in excessive remediation and audit costs and wasted resources.
Join our QSA to get practical insight into how to overcome common obstacles and comply with the Standard:
- Preparing for a successful Report on Compliance (RoC) audit.
- How to identify nonconformities before the audit takes place.
- How to choose the right QSA.
March 28, 2018, 10:00 am to 11:00 am (EDT)
Ideal for small merchants and service providers that are not required to submit a Report on Compliance (RoC), a self-assessment questionnaire (SAQ) is a self-validation tool to assess security for cardholder data.
This webinar will provide attendees with the practical knowledge required to identify the right SAQ to achieve full compliance with the PCI DSS.
Get to grips with your SAQ requirements by joining our QSAs to understand:
- The different types of SAQs; and
- The applicability of SAQ types to payment processing scenarios:
  - Mail or telephone order
June 1, 2018, 10:00 am to 11:00 am (EDT)
This free webinar provides step-by-step guidance on scoping the CDE. This includes gathering information, defining a perimeter and analysing data flow. The webinar also provides methods for reducing the scope.
Scoping is the first step to gaining or maintaining PCI DSS compliance, and effective scope reduction can reduce the time and cost of becoming compliant.
Simplify the certification process by joining our QSAs to understand:
- The importance of determining the system components, people and processes to be included in the scope;
- How to create an accurate data flow diagram to map the movement of cardholder data;
- What to include when mapping the IT infrastructure and external connections; and
- Effective methods to reduce the scope.