PCI DSS Version 3.0: Are You Compliant?
On January 1, 2014, the substantially updated Version 3.0 of the PCI Security Standards Council's standard (released November 2013) took effect. However, the previous version would remain effective in parallel until December 31, 2014, to give affected organizations enough time to come into compliance. The PCI DSS standard applies to all entities that store, process, or transmit cardholder data, whether electronically or manually.
A major change in this revision is greater flexibility in the compliance process. It also places increased focus on technical and non-technical factors such as security awareness and security as a shared responsibility. The revision is based on market feedback received by the Council, which highlighted key issues organizations faced in complying with previous versions, particularly with respect to security education, passwords and authentication, third-party security, self-detection and response to malware and other threats, and consistency in performing risk assessments.
In this live webinar, expert speaker Tom Wills will explain:
- What has changed in the new version?
- Who is affected, and how?
- The difference between strict compliance and effective risk management
- Strategies to bring your own organization into compliance with Version 3.0, and keep it there
Attendees will gain an enhanced understanding of how to manage their organizations’ PCI DSS compliance programs in light of the new revision to the standard, as well as the continually evolving security and fraud threat landscape.
- Changes in the real-world threat landscape that are driving the new requirements
- Moving past passwords: the danger in using out-of-date user authentication methods
- The value of tokenization for keeping sensitive data out of criminal hands
- Using data analytics to improve your threat detection and response capabilities
- The human touch: how technical security controls alone are no longer adequate
- How compliance and security are never the same thing
- How to avoid being another “Target”
Who Should Attend
This session will be of most interest to staff and consultants at payment service providers, financial institutions, and retailers with responsibility for product/service delivery, fraud mitigation, or information systems (security, audit, or overall management). Vendors, regulators, and industry analysts may also find the session to be of interest.
Attendee titles may include (but are not limited to): Analyst, Manager, Director, or VP of: Product Management, Operations, Information Systems, Risk Management, Audit, Fraud, or Security.