Download this case study to see how IT Governance helped this firm find a cost-effective route to achieve and maintain PCI compliance.
This paper, updated for PCI DSS v4.0, will help organisations understand and prepare for the PCI DSS audit process.
This paper will help organisations understand how to minimise the PCI DSS v4.0 compliance burden by reducing their scope, and how to choose the right SAQ.
This paper explains some of the key changes organisations need to be aware of to successfully plan their transition project to PCI DSS v4.0.
Discover IT Governance’s approach of using the PCI DSS as a set of information security controls that can be effectively integrated within a broader cyber security framework to further reduce risk.
Delivered by: John Tracey, GRC Consultant, IT Governance USA
Earlier this year, PCI DSS (Payment Card Industry Data Security Standard) version 4.0 was published. Although the current version (3.2.1) remains valid until March 2024, organisations should prepare to comply with the new requirements.
PCI DSS v4.0 introduces a “customized approach”, where organisations may use their own control to meet the objective of any PCI DSS requirement in place of the defined requirement.
However, there are strict rules on using this approach. For more information on how to prepare for compliance with the PCI DSS v4.0, discuss:
PCI DSS compliance, especially for RoCs and some SAQs, requires internal and external vulnerability scans, and frequent penetration tests.
Payment card data is a prized commodity for cyber criminals and is usually the main target of attacks against commercial environments. Indeed, the 2017 Trustwave Global Security Report found that more than half of the incidents investigated targeted payment card data.
Penetration testing has long been used to help prevent data breaches, understand security weaknesses and test security controls.
This webinar will cover:
This webinar will outline the major PCI DSS challenges faced by merchants, and offer recommendations to help achieve and maintain PCI DSS compliance more effectively.
Our consultants will also explain how complying with the PCI DSS can help you meet the requirements of the GDPR. We’ll introduce a set of controls for keeping cardholder data secure, and explain how technologies, processes and procedures can help protect personal data.
Join our Qualified Security Assessor (QSA) to get an overview of the PCI DSS and how it applies to your organisation:
This webinar has been developed to help organisations effectively prepare for a PCI audit and ensure a successful outcome.
Although this webinar focuses on organisations that must undergo a PCI audit, many of the steps are relevant to any organisation that needs to meet the requirements of the PCI DSS.
Organisations preparing for a PCI audit can avoid common pitfalls and oversights that could mean failing it, which would result in excessive remediation and audit costs, and wasted resources.
Join our QSA to get practical insight into how to overcome common obstacles and comply with the Standard:
Ideal for small merchants and service providers that are not required to submit a Report on Compliance (RoC), a self-assessment questionnaire (SAQ) is a self-validation tool to assess security for cardholder data.
This webinar will provide attendees with the practical knowledge required to identify the right SAQ to achieve full compliance with the PCI DSS.
Get to grips with your SAQ requirements by joining our QSAs to understand:
This free webinar provides step-by-step guidance on scoping the CDE. This includes gathering information, defining a perimeter and analysing data flow. The webinar also provides methods for reducing the scope.
Scoping is the first step to gaining or maintaining PCI DSS compliance, and effective scope reduction can reduce the time and cost of becoming compliant.
Simplify the certification process by joining our QSAs to understand:
Requirement 12 of the PCI DSS requires organisations to actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures aligned with the results of regular risk assessments.
Security technologies can only go so far in protecting an organisation and helping maintain compliance. Policies are needed to address the weak link in security: people.
If people don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else as they provide direction and instruction, and assign responsibility.
Join our QSAs to understand how to develop PCI policies, including: