Attend our free one-day virtual seminar and get all your PCI-related questions answered!
We’re now in year four of the PCI compliance wave. Some companies have achieved compliance; however, they are still struggling to keep pace with the ongoing changes in the industry. The continuous changes to the standard itself mean new questions and new challenges to address during a time when many companies have fewer resources and reduced budgets.
The initial regulation for PCI DSS compliance was somewhat lax and disjointed in the beginning; however, the days of getting "slapped on the wrist" for non-compliance are gone. The major payment brands are starting to push PCI DSS compliance much deeper and in a more transparent way than ever before.
This virtual seminar provides tactical advice on how to meet the requirements of PCI and offers practical guidance on how to integrate PCI into your overall compliance program. Discover the changes between 1.1 and 1.2, how to address compensating controls, application security requirements and the steps you need to take now to keep your organization compliant throughout 2009.
Attend our virtual seminar and receive the latest information on PCI DSS, advice on how to meet today's PCI challenges and how to prepare for ongoing compliance, all from the convenience of your own desktop!
Session 1: PCI: Setting the Stage for Success
Compliance is a necessity for all organizations in the payment process, but how far do merchants need to go in addressing PCI requirements? Diana Kelley and Ed Moyle explore the payment lifecycle; the role of issuers, acquirers, merchants and service providers; and the who, what and why of the PCI assessment process. Learn how to scope the cardholder data environment appropriately to reduce the audit surface and reduce costs, and get an explanation of compensating controls and when to use them. You'll receive straight answers to the following questions:
- Who has to comply with PCI DSS?
- Which companies have to validate the requirements?
- What does the process entail?
- What does it mean to scope the audit environment for improved efficiency?
- When, where, and how to use compensating controls?
Session 2: PCI Compliance in the Cloud: Delivering More, Costing Less
Technology deployed for PCI compliance has an often-accurate reputation for being messy and expensive. This can be disheartening news for an organization whose compliance is not optional. Given today’s climate of economic uncertainty, organizations are left wondering how they can achieve compliance with a tightening budget. Software-as-a-Service (SaaS) might be the answer. SaaS-delivered solutions are helping organizations meet the demands of both shrinking budgets and expanding regulations. Attend and discover how you can reduce your operational costs by 50% through deploying a SaaS-based PCI compliance solution for requirements 10 and 11.
Session 3: The PCI Audit: Requirements 1-6
In this session, Ed Moyle and Diana Kelley review the first six requirements for PCI while addressing changes between 1.1 and 1.2. Learn strategies for defining physical and technical boundaries that help reduce the scope of PCI assessment, saving time, energy and resources.
Explore how to institute a preliminary gap analysis to show where you might be deficient in your audit and how to use the results of the gap analysis to locate potential compensating controls. Save your company money by understanding when implementing compensating controls is sufficient for achieving compliance and when purchasing new solutions is necessary. Review the documentation, procedural and technical implementations for each of the first six requirements:
- Requirement 1: Firewalls
- Requirement 2: Vendor-supplied defaults
- Requirement 3: Protect stored data
- Requirement 4: Network encryption
- Requirement 5: Anti-virus software
- Requirement 6: Develop and Maintain Secure Systems and Applications
Session 4: The PCI Audit: Requirements 7-12
Ed Moyle and Diana Kelley continue their deep-dive of PCI audit and the PCI requirements by reviewing requirements 7-12. They explore the documentation, procedural and technical implementations for these requirements and conclude with a list of top recommendations for successfully meeting PCI.
- Requirement 7: Restrict Access to Cardholder Data
- Requirement 8: Authorization and Authentication
- Requirement 9: Restrict Physical Access
- Requirement 10: Track Access
- Requirement 11: Test Security Systems and Processes
- Requirement 12: Policy
- Recommendations for success
Session 5: Software Security for Compliance, PCI, and Beyond
PCI 6.6 has been the subject of some confusion for merchants trying to interpret the requirements and how to secure Web-facing applications. In this session, Diana Kelley explains web-application security, PCI requirement 6 and 6.6, and the PA-DSS and why creating secure code is essential to protecting assets. She provides an explanation of how security can be woven throughout the software development lifecycle and explains some of the most common web application security vulnerabilities.
Session 6: Live Q&A with Ed Moyle
Ed Moyle is currently a manager with CTG's Information Security Solutions practice, providing strategy, consulting, and solutions to clients worldwide, and a founding partner of SecurityCurve. He is standing by, ready to answer any questions you have relating to PCI DSS, the information security industry and upcoming regulations around compliance. Take advantage of this opportunity to ask our expert questions to ensure your organization remains compliant throughout 2009.
Register online today through our secure website!
| Date | Location |
|---|---|
| Live Show: March 25, 2009 | |
| Show Hours: 9:00am - 3:15pm EST | |
Agenda
9:00 am Doors open
9:00–9:30 am Exhibit Hall
9:30–10:15 am Session 1: PCI: Setting the Stage for Success
10:15–10:30 am Exhibit Hall
10:30–11:15 am Session 2: PCI Compliance in the Cloud: Delivering More, Costing Less
11:15–11:30 am Exhibit Hall
11:30–12:15 pm Session 3: The PCI Audit: Requirements 1-6
12:15–1:00 pm Exhibit Hall / Networking Lounge
1:00–1:30 pm Session 4: The PCI Audit: Requirements 7-12
1:30–1:45 pm Exhibit Hall
1:45–2:15 pm Session 5: Software Security for Compliance, PCI, and Beyond
2:15–2:30 pm Exhibit Hall
2:30–3:00 pm Session 6: Live Q&A with Ed Moyle
3:00–3:15 pm Exhibit Hall
3:15 pm Doors Close



