MasterCard Worldwide is working with Barclaycard Business to bring you a series of webcasts on PCI and how it affects you, your business and your customers. Please be sure to click on any of the webinars below for information on the most important issues and toughest challenges we face today.

An Introduction to the PCI Security Standards Council
This module will review the background, structure, and scope of responsibilities of the PCI Security Standards Council. Additional topics covered include an overview of the groups who participate (participating organisations, advisory board, etc.), frequently asked council questions and an overview of the PCI Standard Revisions/Updates.
View Module 1

A Detailed Look at PCI DSS Requirements
This module will cover several areas of PCI DSS in great detail. Beginning with a high-level review of merchant and service provider levels (timeframe and validation requirements), the module will provide a detailed review of the requirements of PCI DSS by section. A discussion on remediation and compensating controls will complete the session.
View Module 2

Understanding Account Data Compromise
The intent of this module is to discuss key factors of Data Compromise. The module will include topics such as defining what a data compromise is, how data compromises have evolved, what the top five causes are, how organisations can protect themselves, the impacts and the related costs of data compromises (legal, fines, brand damage). Also included in this module will be a case study of a data compromise.
View Module 3

Preparing for a Successful PCI Assessment: Lessons from the Field
This module will provide insight and tips from a certified Qualified Security Assessor (QSA) and is based on his/her in-the-field experiences. The content of the module will provide information on how to prepare for the PCI DSS assessment, scoping guidance, and communication throughout the assessment and remediation process. The module will also highlight who in an organisation contributes to achieving PCI DSS compliance and how to incorporate success factors across the organisational team.
View Module 4

Reducing Your Risk: A Look Into PCI Vulnerability Scanning
This module will provide insight from an Approved Scanning Vendor (ASV). Topics covered include what vulnerability scanning is, interpreting a scan report, and what must be remediated to be PCI DSS compliant. In-depth discussion will also cover how to take a project management approach towards remediation of network vulnerabilities and maintaining scan compliance.
View Module 5

Security and the Payment Systems
This module will cover payment applications as well as POS terminals: what the industry is doing about securing payment applications and POS terminals, and how payment applications, point-of-sale terminal security and e-commerce sites address PCI DSS for their customers.
View Module 6

A look into the new Self-Assessment Questionnaire
As a crucial component of the standard, the updated SAQ Version 1.1 is now available and is intended to simplify and streamline the assessment process. The Self-Assessment Questionnaire (SAQ) is a validation tool intended to assist those merchants and service providers not required to have onsite assessments to self-evaluate their compliance with PCI DSS. There are multiple forms of the SAQ to meet various scenarios, depending on how an organisation stores, processes, or transmits cardholder data. This webinar addresses the different SAQs and how to choose the SAQ best suited for your organisation.
View Module 7

Compliance Validation and Beyond
The intent of this module is to give insight into the overall PCI DSS picture as well as what happens after a merchant has submitted their PCI DSS compliance results. What happens during the PCI DSS compliance validation process and beyond? What are the benefits of PCI DSS compliance? Why comply with PCI DSS? Discussion will also include a look into the PCI DSS activities of the card brands and financial institutions.
View Module 8

Data Encryption: Understanding Encryption and PCI DSS
This session will provide viewers with an initial overview of cryptography and background on the basic concepts of symmetric and asymmetric algorithms. The session will also cover alignment of the PCI DSS encryption requirements with insight and recommendations including those for network and email. Further discussion will cover protection of PAN and key management.
View Module 9

Data Storage
This session will cover the complexities of both the temporary and long-term storage of sensitive cardholder data. Additionally, an overview will be provided, explaining what is allowed to be stored through authorisation, what can be stored post-authorisation and what can never be stored. Also covered will be the many places that merchants potentially store cardholder data, which may not be obvious, as well as the ways to identify and purge the prohibited data. Lastly, discussion will focus on how data storage must be a consideration in decisions involving POS applications, POS equipment and the corporate infrastructure.
View Module 10

Network Segmentation
This session will focus on the importance of network segmentation to minimize the scope of PCI DSS assessment. The more a merchant/service provider can isolate their card data environment from their non-card data environment, the more they can significantly reduce the amount of the PCI DSS effort as well as the cost of remediation. Additionally, the session will review the criteria a merchant/service provider should use in determining how to segment their environments, including complexity, cost, operational impact and risk.
View Module 11
