PCI Compliance: A Holistic View
BrightTALK is delighted to be powering this online event hosted by ISACA. Join us to hear the live presentations and submit real-time questions to the speakers. All presentations are being recorded so you can download the on-demand archive as well.

For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: perform a code review or install a WAF. This, however, is a false choice. First, it’s a choice between two fundamentally distinct tools, and second, the best course of action is obviously to do both. Today's session will discuss section 6.6 of PCI, explain the choices and suggest a course of action.

Log management is now a requirement for PCI compliance and many other regulatory standards. However, beyond meeting the regulatory “letter of the law”, log management provides powerful access to a rich set of data. This data provides visibility into, and incident response support for, issues that span security, audit, and operations. This session will explain how to meet PCI requirements for log management, while leveraging PCI log management investments to gain a holistic view of network activity and proactively address security and operations incidents across an enterprise.

If over a third of the PCI DSS requirements target IT configuration controls that can be monitored, and companies regularly pass audits, why do data breaches still occur? Just passing the audit isn’t enough. Too many companies continue to treat PCI DSS compliance as a project focused on passing the audit—a single-point-in-time event that relies on checklists to get them into that compliant state. In spite of passing PCI audits, breaches continue to occur with great regularity. Clearly this checklist approach to securing cardholder data is not working. So how can you ensure that when customers do business with you, their credit card data is secure? In this presentation we will discuss the state of cardholder data breaches today, how mechanically following the PCI checklist and passing your audit can lull you into a false sense of security, and solutions that can help you truly—and continuously—secure customer credit card data.

Merchants and service providers have been challenged for years now with achieving PCI compliance. Participants will learn about recent changes that eliminate the option to self-assess for Level 1 and Level 2 merchants and how to respond to this change, as well as best practices for reducing the effort of maintaining compliance year to year.

This e-Symposium qualifies for 3 CPE points. To obtain CPE credit, members must download and listen to all event presentations and successfully complete a CPE quiz. To access the quiz, click the CPE button at the top of this page or click the Play button below.


