PCI DSS v4.0 - The Project Starts Now

PCI DSS v4.0 is the biggest change in over a decade, but with good planning it’s actually quite simple.

About this event

Introducing David Froud

David has 25+ years of experience in Information / Data / Cybersecurity, including Regulatory Compliance, Governance Frameworks, Data Protection / Privacy, and FinTech. As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, and many startups, David has performed hundreds of on-site security and compliance assessments for merchants and service providers globally. He is currently focused on helping organisations unify their security and data protection programs with regulatory compliance regimes including PCI, GDPR & PSD2.

Security is not easy, but it CAN be simple.

PCI DSS v4.0 - ‘The Project Starts Now’

Agenda

09.00 Welcome, tea, coffee, introductions

09.30 Session 1: ‘Does the New Standard Make Sense? Background and Context’

  • Subject: The PCI DSS, a Very Slow Evolution

Session Objective: To provide context for the workshop and a little glance into the future.

  • Subject: Is This Where the Standard Should Be?

Session Objective: To understand that the PCI DSS is a bare minimum set of controls, and not always appropriate for your business.

  • Subject: Is the ‘Customised Approach’ Really Such a Radical Change?

Session Objective: Understand when, and most especially IF to use the customised approach.

10.30 Break and Refreshments

10.45 Session 2: ‘New Reporting and Other Innovations’

  • Subject: Reports on Compliance (RoC) are at a Whole New Level

Session Objective: QSA companies will inevitably raise their rates. Here’s why, and how to prevent it!

  • Subject: Self-Assessment Questionnaires (SAQ)

Session Objective: To understand exactly which report you’ll be filling out.

  • Subject: Overall Impressions and Things to Note

Session Objective: To understand that v4.0 is more than just the Customised Approach and new requirements.

12.15 Lunch and Networking

13.15 Session 3: New Requirements - Significant Impact

  • Subject: Significant New Requirements – What is the True Impact?

Reqs. 3.2.1 / 3.3.2 - Encryption of Pre-Authorisation Data

Req. 3.5.1.1 - PAN Hashing

Req. 3.5.1.2 - Disk-Level Encryption

  • Subject: Web-Facing Infrastructure

Req. 6.4.2 - Removal of Manual Review of ‘Public-Facing Web Applications’

Req. 6.4.3 - Management of ‘Payment Page Scripts’

Req. 11.6.1 - Change-and-Tamper Detection to HTTP Headers

  • Subject: Vulnerability Management / Incident Response

Req. 10.4.1.1 - Automated Log Reviews

Req. 10.7.2 / .3 - Failure of Critical Security Control Systems Detection and Response

Req. 11.3.1.2 - Credentialed Internal Vulnerability Scans

14.45 Break and Refreshments

15.00 Session 4: Other Notables

  • Subject: Enhanced and Targeted Risk Assessments

Session Objective: To understand the push towards a far more robust risk management process.

  • Subject: Other New Requirements

Session Objective: To understand the remaining new requirements.

  • Subject: So What Now?

Session Objective: To understand what to do next.

  • Subject: Discussion, Q&A

17.30 Event close and onto Networking Drinks and Canapes

#pcidssv4 is the biggest change in over a decade, but with good planning it’s actually quite simple.

While the new requirements in v4.0 of the PCI DSS don’t become mandatory until 31 March 2025, 2 years is not a long time without resources or budget. You need to start your transition project now to reduce the impact.

Join us for our interactive and highly informative training days with David Froud on 23 Feb, 23 March or 27 April 2023.

David Froud is 2|SEC’s Head of Consulting Services, and a QSA with over 16 years of experience delivering PCI solutions globally.

We can help you get #pcidssv4 compliant by March 2024.

#pci #pcidss #consulting #cyber #pcidssv4 #london #training #project #planning #help
