London | Nov 21 2024 | 9:30 am - 5:00 pm

PCI DSS v4.0: Are You Ready?

March 31st 2025 is fast approaching; you should already have a plan

  • Hear from leading practitioners about best practice implementation
  • What does compliance look like under 4.0
  • What you should be working on first

This event has passed.

Join Us To Learn

  • How to simplify compliance validation
  • What will a QSA be looking for during an assessment
  • Why the 'Customised Approach' future-proofs both the standard and your approach to it, and why you’ll never use it
  • How to stay ahead of the inevitable changes
  • How to develop Continuous Compliance Validation (CCV) processes through automation

Who Should Attend

CISOs, Information Security Managers, PCI DSS Programme Managers, Card schemes, acquiring banks, merchants, service providers.

Where it's Happening

  • Tower 42
  • 25 Old Broad Street
  • London EC2N 1HN United Kingdom

When it's On

  • Thursday, November 21, 2024
  • 9:30 am - 5:00 pm

Register Today for PCI DSS v4.0: Are You Ready?

  • Why it's the closest PCI Standard yet to how real security should work
  • Why the 'Customised Approach' future-proofs both the standard and your approach to it
  • The real-world impact of the more significant new requirements
  • Why the project should start now, and what to do first
  • How to stay ahead of the inevitable changes

Tickets

Tickets are no longer available

About the Facilitator

David Froud has 25+ years of experience in areas of Information / Data / Cybersecurity, including Regulatory Compliance, Governance Frameworks, Data Protection / Privacy, and FinTech. As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, and many startups, David has performed 100s of on-site security and compliance assessments for merchants and service providers globally. Currently focused on helping organisations unify their security and data protection programs with regulatory compliance regimes including PCI, GDPR & PSD2.

Agenda

09:00 Welcome, tea, coffee, introductions
09:30 Session 1: ‘Does the New Standard Make Sense? Background and Context’

Subject: The PCI DSS, a Very Slow Evolution
Objective: To provide context for the workshop and a little glance into the future.

Subject: Is This Where the Standard Should Be?
Objective: To understand that the PCI DSS is a bare minimum set of controls, and not always appropriate for your business.

Subject: Is the ‘Customised Approach’ Really Such a Radical Change?
Objective: Understand when, and most especially IF, to use the customised approach.

10:30 Break and Refreshments
10:45 Session 2: New Reporting and Other ‘Innovations’

Subject: Reports on Compliance (RoC) are at a Whole New Level
Objective: But this does NOT (necessarily) mean QSA companies should charge more

Subject: Your Policy Set is now front and centre
Objective: Paperwork vs. internal audit plan.

Subject: Overall Impressions and Things to Note
Objective: To understand that v4.0 is more than just the Customised Approach and new requirements.

12:15 Lunch
13:15 Session 3: New Requirements – Significant Impact

Subject: Significant New Requirement – What is the True Impact?

Reqs. 3.2.1 / 3.3.2 – Encryption of Pre-Authorisation Data
Req. 3.5.1.1 – PAN Hashing
Req. 3.5.1.2 – Disk-Level Encryption

Subject: Web-Facing Infrastructure

Req. 6.4.2 – Removal of Manual Review of ‘Public-Facing Web Applications’
Req. 6.4.3 – Management of ‘Payment Page Scripts’
Req. 11.6.1 – Change-and-Tamper Detection to HTTP Headers

Subject: Vulnerability Management / Incident Response

Req. 10.4.1.1 – Automated Log Reviews
Req. 10.7.2 / .3 – Failure of Critical Security Control Systems Detection and Response
Req. 11.3.1.2 – Credentialed Internal Vulnerability Scans

14:45 Break and Refreshments
15:00 Session 4: Other Notables

Subject: Enhanced and Targeted Risk Assessments
Objective: To understand the push towards a far more robust risk management process.

Subject: Continuous Compliance Validation
Objective: What you should have been doing all along.

Subject: So What Now?
Session Objective: To understand what to do next.

Subject: Discussion, Q&A

17:30 Event close and on to Networking Drinks and Canapes
