London | Oct 17 2024 | 9:30 am - 5:00 pm

PCI DSS v4.0: Are You Ready?

Name: PCI DSS v4.0: Are You Ready?
Start: 2024-10-17T09:30:00+01:00
End: 2024-10-17T17:00:00+01:00
Location: 2|SEC

March 31st 2025 is fast approaching, you should already have a plan

Hear from leading practitioners about best practice implementation
What does compliance look like under 4.0
What you should be working on first

Join Us To Learn

How to simplify compliance validation
What will a QSA be looking for during an assessment
Why the 'Customised Approach' future-proofs both the standard and your approach to it, and why you’ll never use it
How to stay ahead of the inevitable changes
How to develop Continuous Compliance Validation (CCV) processes through automation

Who Should Attend

CISOs, Information Security Managers, PCI DSS Programme Managers, Card schemes, acquiring banks, merchants, service providers.

Where it's Happening

Tower 42
25 Old Broad Street
London EC2N 1HN United Kingdom

When it's On

Thursday, October 17, 2024
9:30 am - 5:00 pm

Register Today for PCI DSS v4.0: Are You Ready?

Why it's the closest PCI Standard yet to how real security should work
Why The 'Customised Approach' future-proofs both the standard and your approach to it
The real-world impact of the more significant new requirements
Why the project should start now, and what to do first
How to stay ahead of the inevitable changes

Tickets

PCI DSS Workshop

Includes the full-day workshop, as well as networking drinks and canapes after the workshop has wrapped up.

£ 499.00

About the Facilitator

David Froud has 25+ years of experience in areas of Information / Data / Cybersecurity, including Regulatory Compliance, Governance Frameworks, Data Protection / Privacy, and FinTech. As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, and many startups, David has performed 100s of on-site security and compliance assessments for merchants and service providers globally. Currently focused on helping organisations unify their security and data protection programs with regulatory compliance regimes including PCI, GDPR & PSD2.

Agenda

09:00	Welcome, tea, coffee, introductions
09:30	Session 1: ‘Does the New Standard Makes Sense? Background and Context’	Subject: The PCI DSS, a Very Slow Evolution Objective: To provide context for the workshop and a little glance into the future. Subject: Is This Where the Standard Should Be? Objective: To understand that the PCI DSS is a bare minimum set of controls, and not always appropriate for your business. Subject: Is the ‘Customised Approach’ Really Such a Radical Change? Objective: Understand when, and most especially IF to use the customised approach.
10:30	Break and Refreshments
10:45	Session 2: New Reporting and Other ‘Innovations’	Subject: Reports on Compliance (RoC) are at a Whole New Level Objective: But this does NOT (necessarily) mean QSA companies should charge more Subject: Your Policy Set is now front and centre Objective: Paperwork vs. internal audit plan. Subject: Overall Impressions and Things to Note Objective: To understand that v4.0 is more than just the Customised Approach and new requirements.
12:15	Lunch
13:15	Session 3: New Requirements – Significant Impact	Subject: Significant New Requirement – What is the True Impact?’ Reqs. 3.2.1 / 3.3.2 – Encryption of Pre-Authorisation Data Req. 3.5.1.1 – PAN Hashing Req. 3.5.1.2 – Disk-Level Encryption Subject: Web-Facing Infrastructure Req. 6.4.2 – Removal of Manual Review of ‘Public-Facing Web Applications’ Req. 6.4.3 – Management of ‘Payment Page Scripts’ Req. 11.6.1 – Change-and-Tamper Detection to HTTP Headers Subject: Vulnerability Management / Incident Response Req. 10.4.1.1 – Automated Log Reviews Req. 10.7.2 / .3 – Failure of Critical Security Control Systems Detection and Response Req. 11.3.1.2 – Credentialed Internal Vulnerability Scans
14:45	Break and Refreshments
15:00	Session 4: Other Notables	Subject: Enhanced and Targeted Risk Assessments Objective: To understand the push towards a far more robust risk management process. Subject: Continuous Compliance Validation Objective: What you should have been doing all along. Subject: So What Now? Session Objective: To understand what to do next. Subject: Discussion, Q&A
17:30	Event close and onto Networking Drinks and Canapes