Many organizations have achieved PCI DSS compliance, but as past breaches have shown, some companies are not really compliant. This presentation is a case study covering many years of assessing companies that thought they were compliant but did not meet the requirements as they believed. We will review failures in scoping, segmentation, storage of cardholder data, security testing, logging and development. We will also discuss problems organizations will face when implementing the new PCI DSS v3. Each case study will include what should have been done to meet compliance.
Outline

What Attendees Will Learn in This Session
1. Identify common failure points in PCI DSS compliance
2. How to correctly segment and scope a PCI environment
3. How to achieve PCI DSS compliance
4. What is new in the PCI DSS v3 standard
Jeff Foresman is a founding partner of Pondurance. Jeff manages our compliance practice that specializes in PCI, HIPAA, ISO 27000 and NIST 800-53 advisory services. He also assists clients with developing and implementing information security programs to meet regulatory compliance. Prior to starting Pondurance, Jeff worked for the PCI Security Council, Fishnet, Verizon Business and Sarcom. In addition to his consulting and management duties, Jeff is also the president of the Central Indiana ISSA Chapter, as well as being certified as a PCI-QSA, CISSP, CHSP and CEH.

Back to Louisville InfoSec 2013 video list
Copyright 2020, IronGeek