PCI DSS v4.0 - The Project Starts Now

PCI DSS v4.0 is the biggest change in over a decade, but with good planning it’s actually quite simple.:

About this event

Introducing D avid Froud

David has 25+ years of experience in areas of Information / Data / Cybersecurity, including Regulatory Compliance, Governance Frameworks, Data Protection / Privacy, and FinTech.As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, and many startups.

David has performed hundreds of on-site security and compliance assessments for merchants and service providers globally. Currently focused on helping organisations unify their security and data protection programs with regulatory compliance regimes including PCI, GDPR & PSD2.

Security is not easy, but it CAN be simple.

PCI DSS v4.0 - ‘The Project Starts Now’

A genda

0 9.00 Welcome, tea, coffee, introductions

09.30 Session 1: ‘Does the New Standard Makes Sense? Background and Context’

  • Subject: The PCI DSS, a Very Slow Evolution

Session Objective: To provide context for the workshop and a little glance into the future.

  • Subject: Is This Where the Standard Should Be?

Session Objective: To understand that the PCI DSS is a bare minimum set of controls, and not always appropriate for your business.

  • Subject: Is the ‘Customised Approach’ Really Such a Radical Change?

Session Objective: Understand when, and most especially IF to use the customised approach.

10.30 Break and Refreshments

10.45 Session 2: 'New Reporting and Other ‘Innovations’

  • Subject: Reports on Compliance (RoC) are at a Whole New Level

Session Objective: QSA companies will inevitably raise their rates. Here’s why, and how to prevent it!

  • Subject: Self-Assessment Questionnaires (SAQ)

Session Objective: To understand exactly which report you’ll be filling out.

  • Subject: Overall Impressions and Things to Note

Session Objective: To understand that v4.0 is more than just the Customised Approach and new requirements.

12.15 Lunch and Networking

13.15 Session 3: New Requirements - Significant Impact

  • Subject: Significant New Requirement – What is the True Impact?’

Reqs. 3.2.1 / 3.3.2 - Encryption of Pre-Authorisation Data

Req. - PAN Hashing

Req. - Disk-Level Encryption

  • Subject: Web-Facing Infrastructure

Req. 6.4.2 - Removal of Manual Review of ‘Public-Facing Web Applications’

Req. 6.4.3 - Management of ‘Payment Page Scripts’

Req. 11.6.1 - Change-and-Tamper Detection to HTTP Headers

  • Subject: Vulnerability Management / Incident Response

Req. - Automated Log Reviews

Req. 10.7.2 / .3 - Failure of Critical Security Control Systems Detection and Response

Req. - Credentialed Internal Vulnerability Scans

14.45 Break and Refreshments

15.00 Session 4: Other Notables

  • Subject: Enhanced and Targeted Risk Assessments

Session Objective**:** To understand the push towards a far more robust risk management process.

  • Subject: Other New Requirements

Session Objective**:** To understand the remaining new requirements.

  • Subject: So What Now?

Session Objective: To understand what to do next.

  • Subject - Discussion, Q&A

17.30 Event close and onto Networking Drinks and Canapes

#pcidssv4 is the biggest change in over a decade, but with good planning it’s actually quite simple.

While the new requirements in v4.0 of the PCI DSS don’t become mandatory until 31 March 2025, 2 years is not a long time without resources or budget. You need to start your transition project now to reduce the impact.

Join us for our interactive and highly informative training days with David Froud on 23 Feb, 23 March or 27 April 2023.

David Froud is 2|SEC’s Head of Consulting Services, and a QSA with over 16 years of experience delivering PCI solutions globally.

We can help you get #pcidssv4 compliant by March 2024.

#pci #pcidss #consulting #cyber #pcidssv4 #london #training #project #planning #help


PCI DSS v4.0 - The Project Starts Now

](PCI DSS v4.0 - The Project Starts Now Tickets, Multiple Dates | Eventbrite)