Security First: PCI Compliance Second
Security is something you DO continuously and diligently, not something you check off a "to do" list and then sit back and relax. The PCI DSS standard has all the component parts to allow companies to adopt this state of due diligence. But it is too commonly presented as a point-in-time AUDIT.
We can do much better.
In this session, attendees will learn how PCI compliance COULD equate to security if the standards were actually applied and followed across the enterprise, and not limited to the "cardholder data environment." Jeff Man, a former QSA and information security consultant, will speak to the six best practices for implementing PCI DSS into "Business as Usual" processes (as introduced in PCI DSS V3.0) for more effective use of the standard, including:
- Monitoring of all security controls
- Ensuring all failures in security controls are detected and there is a response
- Performing risk assessment/impact analysis
- Formally reviewing security program after changes to organizational structure
- Periodically reviewing processes and communicating frequently on education/awareness
- Reviewing technologies regularly
- Performing continuous network monitoring
Webinar attendees should recognize that while this approach does not eliminate the possibility of a successful attack or breach, it can significantly increase the likelihood of successfully detecting and thwarting more attempted attacks and of minimizing the damage.