Download this case study to see how IT Governance helped this firm find a cost-effective route to achieve and maintain PCI compliance.
This paper will help organisations understand and prepare for the PCI DSS audit process.
This paper will help organisations understand how to minimise the PCI DSS v3.2.1 compliance burden by reducing their scope, and how to choose the right SAQ(s).
Discover IT Governance’s approach of using the PCI DSS as a set of information security controls that can be effectively integrated within a broader cyber security framework to further reduce risk.
PCI DSS compliance, especially for RoCs and some SAQs, requires internal and external vulnerability scans, and frequent penetration tests.
Payment card data is a prized commodity for cyber criminals and is usually the main target of attacks against commercial environments. Indeed, the 2017 Trustwave Global Security Report found that more than half of the incidents investigated targeted payment card data.
Penetration testing has long been used to help prevent data breaches, understand security weaknesses and test security controls.
This webinar will cover:
This webinar will outline the major PCI DSS challenges faced by merchants, and offer recommendations to help achieve and maintain PCI DSS compliance more effectively. Our consultants will also explain how complying with the PCI DSS can help you meet the requirements of the GDPR. We’ll introduce a set of controls for keeping cardholder data secure, and explain how technologies, processes and procedures can help protect personal data.
Join our Qualified Security Assessor (QSA) to get an overview of the PCI DSS and how it applies to your organisation:
This webinar has been developed to help organisations effectively prepare for a PCI audit and ensure a successful outcome. Although this webinar focuses on organisations that must undergo a PCI audit, many of the steps are relevant to any organisation that needs to meet the requirements of the PCI DSS.
Organisations preparing for a PCI audit can avoid the common pitfalls and oversights that lead to a failed audit, which would result in excessive remediation and audit costs, and wasted resources.
Join our QSA to get practical insight into how to overcome common obstacles and comply with the Standard:
Ideal for small merchants and service providers that are not required to submit a Report on Compliance (RoC), a self-assessment questionnaire (SAQ) is a self-validation tool to assess security for cardholder data.
This webinar will provide attendees with the practical knowledge required to identify the right SAQ to achieve full compliance with the PCI DSS.
Get to grips with your SAQ requirements by joining our QSAs to understand:
This free webinar provides step-by-step guidance on scoping the CDE. This includes gathering information, defining a perimeter and analysing data flow. The webinar also provides methods for reducing the scope.
Scoping is the first step to gaining or maintaining PCI DSS compliance, and effective scope reduction can reduce the time and cost of becoming compliant.
Simplify the certification process by joining our QSAs to understand:
Requirement 12 of the PCI DSS requires organisations to actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures aligned with the results of regular risk assessments.
Security technologies can only go so far in protecting an organisation and helping maintain compliance. Policies are needed to address the weak link in security: people.
If people don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else as they provide direction and instruction, and assign responsibility.
Join our QSAs to understand how to develop PCI policies, including: