o Why The 'Customised Approach' future-proofs both the standard and
About this Event
Introducing David Froud
David has 25+ years of experience in Information / Data / Cybersecurity, including Regulatory Compliance, Governance Frameworks, Data Protection / Privacy, and FinTech. As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, and many startups, David has performed hundreds of on-site security and compliance assessments for merchants and service providers globally. He is currently focused on helping organisations unify their security and data protection programs with regulatory compliance regimes including PCI, GDPR & PSD2.
Security is not easy, but it CAN be simple.
PCI DSS v4.0 - 'Are You Ready?'
Agenda
09.00 Welcome, tea, coffee, introductions
09.30 Session 1: 'Does the New Standard Make Sense? Background and Context'
- Subject: The PCI DSS, a Very Slow Evolution
Session Objective: To provide context for the workshop and a little glance into the future.
- Subject: Is This Where the Standard Should Be?
Session Objective: To understand that the PCI DSS is a bare minimum set of controls, and not always appropriate for your business.
- Subject: Is the ‘Customised Approach’ Really Such a Radical Change?
Session Objective: Understand when, and most especially IF to use the customised approach.
10.30 Break and Refreshments
10.45 Session 2: 'New Reporting and Other ‘Innovations’'
- Subject: Reports on Compliance (RoC) are at a Whole New Level
Session Objective: QSA companies will inevitably raise their rates. Here’s why, and how to prevent it!
- Subject: Self-Assessment Questionnaires (SAQ)
Session Objective: To understand exactly which report you’ll be filling out.
- Subject: Overall Impressions and Things to Note
Session Objective: To understand that v4.0 is more than just the Customised Approach and new requirements.
12.15 Lunch
13.15 Session 3: New Requirements - Significant Impact
- Subject: Significant New Requirements – What is the True Impact?
Reqs. 3.2.1 / 3.3.2 - Encryption of Pre-Authorisation Data
Req. 3.5.1.1 - PAN Hashing
Req. 3.5.1.2 - Disk-Level Encryption
- Subject: Web-Facing Infrastructure
Req. 6.4.2 - Removal of Manual Review of ‘Public-Facing Web Applications’
Req. 6.4.3 - Management of ‘Payment Page Scripts’
Req. 11.6.1 - Change-and-Tamper Detection to HTTP Headers
- Subject: Vulnerability Management / Incident Response
Req. 10.4.1.1 - Automated Log Reviews
Req. 10.7.2 / .3 - Failure of Critical Security Control Systems Detection and Response
Req. 11.3.1.2 - Credentialed Internal Vulnerability Scans
14.45 Break and Refreshments
15.00 Session 4: Other Notables
- Subject: Enhanced and Targeted Risk Assessments
Session Objective: To understand the push towards a far more robust risk management process.
- Subject: Other New Requirements
Session Objective: To understand the remaining new requirements.
- Subject: So What Now?
Session Objective: To understand what to do next.
- Subject: Discussion, Q&A
17.30 Event close and onto Networking Drinks and Canapes
Event Venue & Nearby Stays
Tower 42, 25 Old Broad Street, London, United Kingdom
GBP 541.32