Straight Talk on PCI - A free seminar

According to VISA, 42% of large and medium-sized US merchants did not reach their respective PCI compliance deadlines.

And while deadlines for merchants are varied based on their partner bank and card associations, one thing is clear: organizations will continue to struggle with PCI compliance - in 2008 and well beyond.

The PCI forum provides tactical advice on how to meet the requirements and integrate PCI into your overall compliance program. We'll explain the forthcoming application security requirements and the steps you need to take now to keep your organization compliant throughout 2008. Attend and receive the latest information on PCI, advice on how to meet today's PCI compliance challenges, including when implementing compensating controls is sufficient, and how to prepare for the possible changes to come.

Admission is FREE but seating is limited. Apply today.

Session 1: How to Comply With PCI Today and Prepare for PCI Compliance Tomorrow

Compliance is a necessity for all organizations in the payment process, but how far do merchants need to go in addressing PCI requirements? In this session, Diana Kelley and Ed Moyle partners at SecurityCurve, walk you through the payment lifecycle and the role that issues, acquirers, merchants and service providers play. They outline the history of the technical and compliance programs, and provide an overview of the 12 requirements of PCI DSS. Return to the office with straight answers to the following questions:

Who has to comply with PCI DSS?
Which companies have to validate the requirements?
How do they validate it?
What does the process entail?
How do you prepare today for future PCI requirements?

Session 2: The PCI Audit: Scope, Zoning, and Requirements 1-6

In this session, Ed Moyle and Diana Kelley review the first six requirements for PCI while showing you how to set the appropriate scope for a compliance assessment. Learn strategies for defining physical and technical boundaries that help reduce the scope of PCI assessment, saving time, energy and resources.

They explain how to institute a preliminary gap analysis to show where you might be deficient in your audit and how to use the results of the gap analysis to locate potential compensating controls. Save your company money by understanding when implementing compensating controls is sufficient for achieving compliance and when purchasing new solutions is necessary. Review the documentation, procedural and technical implementations for each of the first six requirements:

Requirement 1: Firewalls
Requirement 2: Vendor-supplied defaults
Requirement 3: Protect stored data
Requirement 4: Network encryption
Requirement 5: Anti-virus software
Requirement 6: Develop and Maintain Secure Systems and Applications

Session 3: PCI Compliance Strategy Panel

In this session we'll get the perspective of industry vendor experts who advise numerous customers on how to tactically solve compliance challenges. Panelists are joined by seminar speakers/moderators to explore how to leverage IT security tools to address business compliance imperatives. Topics include:

From the front lines: Vendors relate common customer problems and solutions via case studies
Tips on how to select the right solutions for your enterprise without breaking the bank
The process of "continuous improvement" - how to get better at compliance over time
Technology must-haves for all security-focused PCI compliance tools

Session 4: Researching PCI: Statistics to help you remain secure while hitting your compliance requirements

David Taylor, president, PCI Alliance and founder, PCI Knowledge Base, has conducted over 100 hours of in-depth, independent interviews with PCI stakeholders; including, merchants involved with PCI compliance initiatives, certified PCI assessors, and security technologists. In this session, David Taylor presents the results of this research and explains the role of PCI compliance in the overall business and technical environments. Taylor reveals best practices on achieving PCI based on the success and failures of those merchants currently involved in PCI initiatives.

Session 5: The PCI Audit: Requirements 7-12

Ed Moyle and Diana Kelley continue assessment of the PCI audit and its requirements by reviewing requirements 7-12. They show you the documentation, procedural and technical implementations for these requirements and conclude with a list of top recommendations for successfully meeting PCI.

Requirement 7: Restrict Access to Cardholder Data
Requirement 8: Authorization and Authentication
Requirement 9: Restrict Physical Access
Requirement 10: Track Access
Requirement 11: Test Security Systems and Processes
Requirement 12: Policy
Recommendations for success

Click here to register.

Or call Annabelle Bozin at 508-621-5530 to reserve your seat today.

Giveaways

Along with receiving expert advice, free breakfast and lunch, all related seminar materials and a complete PowerPoint presentation with all our speakers' notes and slides, you'll also have the chance to return home with a Olympus Stylus Digital Camera and a Garmin GPS when you attend!