PCI DSS the Trilogy – Adapting Compliance Strategies to Version 3

Presented at AusCERT 2014 by

With version 3.0 of the PCI Data Security Standard (PCI DSS) now released, companies are trying to understand what the new standard means for them. All companies that process, transmit and/or store cardholder data (CHD) need to comply with PCI DSS. Many companies have invested considerable time and resources to comply with PCI DSS version 2.0. Version 3.0 of the standard is now in effect, but companies have until the end of 2014 to migrate or adapt their compliance programs to meet the updated requirements. This presentation provides an overview of how to review existing compliance strategies in order to meet the requirements of the new standard. For companies that are already compliant with PCI DSS version 2.0, it identifies the key areas where existing compliance programs need review. Similarly, companies whose compliance strategies are currently mapped against version 2.0 requirements need to understand where adjustments may be required.

During this presentation, the following topics will be covered:

- PCI DSS evolution from version 1.0 to 3.0
- What is new with PCI DSS v3.0?
- Classifying the types of changes in PCI DSS v3.0
- Technology considerations in PCI DSS v3.0
- Process considerations in PCI DSS v3.0
- Documentation considerations in PCI DSS v3.0
- Adapting existing compliance strategies
- Simplifying compliance and managing real risks
- Maintaining compliance: pitfalls of compliance-driven security
- Integrating PCI DSS into a security framework: security-driven compliance