Payment Card Industry Data Security Standard (PCI DSS) webinar series
Despite the prospect of fines and penalties, many merchants are not PCI-compliant. There are many reasons for this, including a lack of awareness, inadequate scoping of the cardholder data environment (CDE) and underestimating the technical complexity of the Standard.
Protect profits by managing payment card risk
The penalties for failing to take adequate precautions are about to get worse for many organisations. Under new EU legislation, a breach of cardholder data that includes any information that could be used to identify the individual is likely to be liable under both the PCI DSS and the General Data Protection Regulation (GDPR).
To support organisations in their PCI DSS projects, IT Governance has launched a series of webinars to help them manage and reduce their payment card risk.
Requirement 12 of the PCI DSS requires organisations to actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures aligned with the results of regular risk assessments.
Read more >>
Security technologies can only go so far in protecting an organisation and helping maintain compliance. Policies are needed to address the weak link in security: people.
If people don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else as they provide direction and instruction, and assign responsibility.
Join our QSAs to understand how to develop PCI policies, including:
- The differences between a policy, a form and a procedure;
- How to identify which policies and clauses you need to address; and
- How to clearly state the tasks and responsibilities your company has when handling payment card data.
PCI DSS compliance, especially for RoCs and some SAQs, requires internal and external vulnerability scans, and frequent penetration tests.
Read more >>
Payment card data is a prized commodity for cyber criminals and is usually the main target of attacks against commercial environments. Indeed, the 2017 Trustwave Global Security Report found that more than half of the incidents investigated targeted payment card data.
Penetration testing has long been used to help prevent data breaches, understand security weaknesses and test security controls.
This webinar will cover:
- The Standard’s requirements for security testing;
- The differences between a penetration test and a vulnerability assessment;
- The PCI DSS v3.2 requirements for penetration testing and segmentation; and
- How to conduct a penetration testing programme.