Looking Forward: What to Expect With PCI 4.0

SureCloud
SureCloudSureCloud
What to expect with PCI DSS v4.0
Who’s put this together? Ben Dalton, Sr GRC Technology Consultant • IT security & GRC industry • PCI compliance program at Disney Parks & Resorts www.surecloud.com © 2019 SureCloud. All rights reserved. 2 Craig Moores, CISSP, QSA, Risk Advisory Practice Director • Delivering complex cyber security solutions • PCI DSS, strategic planning and business auditing NCC Group
Agenda • Key Takeaways from the PCI DSS 4.0 Draft • Anticipated Challenges and Opportunities • How to best prepare for a new version of PCI DSS • How SureCloud can help • Q&A: Ask a QSA!
Key Takeaways from the PCI DSS 4.0 Draft • Added flexibility: Defined & customized validation • Updated terminology and clarifications • New requirements • Best practice updates (e.g. authentication) • Meaningful risk assessments • Promoting security as a continuous process www.surecloud.com © 2019 SureCloud. All rights reserved. 4
5 Anticipated Challenges and Opportunities
6 Business Challenges with PCI Compliance Key Points: • More common challenges: • Aligning PCI compliance requirements with business objectives • Ensuring the scope of the CDE is accurate • Maintaining an accurate view of PCI compliance requirements • Communication with key third parties e.g. Acquirers, Customers and Service Providers • New challenges: • Keeping abreast of the threat landscape • Understanding new technologies, particularly around mobile devices and data management • Evolving the compliance program to accommodate new changes in the DSS www.surecloud.com © 2019 SureCloud. All rights reserved.
7 Common Pitfalls… and Opportunities Key Points: • Common pitfalls: • Standalone PCI programs that are disjointed from business processes • Compliance for compliance sake • Broad cardholder data environment scopes based on lack of understanding • Opportunities: • Increased awareness – particularly with regards to cardholder data risks • Better understanding of the business operations and how these support the objectives of the organization • More efficient approach to executing business processes • Embedded security controls that form a more effective business culture www.surecloud.com © 2019 SureCloud. All rights reserved.
8 How to best prepare for a new version of PCI DSS Key Points: • Keep abreast of changes and review the new version of the DSS when it is available! • Ensure the scope of your CDE is accurate • Assess the impact of any changes in requirements that affect your CDE • Update your compliance program! www.surecloud.com © 2019 SureCloud. All rights reserved.
9 How Can SureCloud Help? Whether you represent an organization in the beginning stages of the PCI journey, or if you’re a seasoned PCI veteran and simply need a more efficient way to manage your program, SureCloud’s PCI Compliance Management solution is purpose-built to provide a quick win for your compliance organization. With automated workflow, centralized controls testing and artefact collection, and real-time reporting, SureCloud enhances visibility into your PCI program and can save you time in the process. Don’t hesitate to reach out to us for a demo today! www.surecloud.com © 2019 SureCloud. All rights reserved.
How Can SureCloud Help? PCI Compliance Management Platform
Discover more… Get in touch - @surecloud Benjamin.Dalton@surecloud.com Craig.Moores@surecloud.com contact@surecloud.com Watch the slides with audio here.
1 of 11

Looking Forward: What to Expect With PCI 4.0

Download to read offline
Software

From our webinar - 14th November 2019 Compliance professionals around the world are eagerly awaiting more information about PCI’s latest release to the Data Security Standards: PCI DSS 4.0. During this 30-minute webinar, we will review the timeline of the 4.0 release. Discuss findings from the 2019 RFC period draft release, highlight key changes that are coming with the revised framework, and discuss how SureCloud will help clients navigate these changes.

SureCloud
SureCloudSureCloud

Recommended

Cadre pci by
Cadre pciCadre pci
Cadre pciScott Mcilwaine
201 views1 slide
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION by
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
143 views8 slides
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION by
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
149 views7 slides
PCI DSS Compliance Checklist by
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
1.2K views44 slides
PCI DSS and PA DSS Compliance by
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS ComplianceKimberly Simon MBA
674 views31 slides
collateral_datasheet_sungard by
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungardCheryl Goldberg
114 views2 slides

More Related Content

What's hot

Spirit of PCI DSS by Dr. Anton Chuvakin by
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
2.9K views30 slides
PCI presentation by
PCI presentationPCI presentation
PCI presentationMahmoud Salaheldin
335 views15 slides
Docker and Container Compliance by
Docker and Container ComplianceDocker and Container Compliance
Docker and Container ComplianceControlCase
220 views21 slides
PCI DSS v3.0: How to Adapt Your Compliance Strategy by
PCI DSS v3.0: How to Adapt Your Compliance StrategyPCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance StrategyAlienVault
4K views37 slides
Performing PCI DSS Assessments Using Zero Trust Principles by
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
348 views34 slides
PCI PIN Security & Key Management Compliance by
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
802 views22 slides

What's hot(20)

Spirit of PCI DSS by Dr. Anton Chuvakin by Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton Chuvakin
Anton Chuvakin2.9K views
PCI presentation by Mahmoud Salaheldin
PCI presentationPCI presentation
PCI presentation
Mahmoud Salaheldin335 views
Docker and Container Compliance by ControlCase
Docker and Container ComplianceDocker and Container Compliance
Docker and Container Compliance
ControlCase220 views
PCI DSS v3.0: How to Adapt Your Compliance Strategy by AlienVault
PCI DSS v3.0: How to Adapt Your Compliance StrategyPCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance Strategy
AlienVault4K views
Performing PCI DSS Assessments Using Zero Trust Principles by ControlCase
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust Principles
ControlCase348 views
PCI PIN Security & Key Management Compliance by ControlCase
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
ControlCase802 views
PCI-DSS Compliant Cloud - Design & Architecture Best Practices by HyTrust
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
HyTrust1.2K views
PCI DSS Compliance Readiness by Al Abbas, PMP, CISSP, MBA, MSc
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
Al Abbas, PMP, CISSP, MBA, MSc1.1K views
PCI DSS v3 - Protecting Cardholder data by InMobi Technology
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
InMobi Technology3.7K views
PCI DSS and Other Related Updates by ControlCase
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related Updates
ControlCase161 views
TrustedAgent GRC for Public Sector by Tri Phan
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
Tri Phan380 views
FedRAMP Certification & FedRAMP Marketplace by ControlCase
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
ControlCase1.1K views
Veritas Managed Backup Services Sales Presentation by Ideba
Veritas Managed Backup Services Sales PresentationVeritas Managed Backup Services Sales Presentation
Veritas Managed Backup Services Sales Presentation
Ideba815 views
Veritas Managed Backup Services Presentation by Ideba
Veritas Managed Backup Services PresentationVeritas Managed Backup Services Presentation
Veritas Managed Backup Services Presentation
Ideba587 views
PCI DSS Essential Guide by Kim Jensen
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential Guide
Kim Jensen5.1K views
Understanding the New PCI DSS Scoping Supplement by SecurityMetrics
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
SecurityMetrics554 views
Managed Services Overview by dcVAST
Managed Services OverviewManaged Services Overview
Managed Services Overview
dcVAST55 views
PCI DSS Business as Usual by ControlCase
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
ControlCase366 views
Security Modelling in ArchiMate by PECB
Security Modelling in ArchiMateSecurity Modelling in ArchiMate
Security Modelling in ArchiMate
PECB 5.2K views
Veritas Managed Enterprise Vault Presentation by Ideba
Veritas Managed Enterprise Vault Presentation Veritas Managed Enterprise Vault Presentation
Veritas Managed Enterprise Vault Presentation
Ideba900 views

Similar to Looking Forward: What to Expect With PCI 4.0

Reducing cardholder data footprint with tokenization and other techniques by
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
32 views52 slides
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING by
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
76 views6 slides
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING by
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
440 views6 slides
Looking Forward to PCI DSS v4.0 by
Looking Forward to PCI DSS v4.0Looking Forward to PCI DSS v4.0
Looking Forward to PCI DSS v4.0Kriangkrai Chumsaktrakul
175 views11 slides
Reduce PCI Scope - Maximise Conversion - Whitepaper by
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
770 views34 slides
PCI-DSS for IDRBT by
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBTShanmugavel Sankaran
1.6K views46 slides

Similar to Looking Forward: What to Expect With PCI 4.0(20)

Reducing cardholder data footprint with tokenization and other techniques by VISTA InfoSec
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
VISTA InfoSec32 views
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING by himalya sharma
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma76 views
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING by himalya sharma
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma440 views
Looking Forward to PCI DSS v4.0 by Kriangkrai Chumsaktrakul
Looking Forward to PCI DSS v4.0Looking Forward to PCI DSS v4.0
Looking Forward to PCI DSS v4.0
Kriangkrai Chumsaktrakul175 views
Reduce PCI Scope - Maximise Conversion - Whitepaper by Shaun O'keeffe
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
Shaun O'keeffe770 views
PCI-DSS for IDRBT by Shanmugavel Sankaran
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
Shanmugavel Sankaran1.6K views
How to Centre your PCI Programme Around your Business Objective - SureCloud by SureCloud
How to Centre your PCI Programme Around your Business Objective - SureCloud How to Centre your PCI Programme Around your Business Objective - SureCloud
How to Centre your PCI Programme Around your Business Objective - SureCloud
SureCloud246 views
Webinar - PCI DSS Merchant Levels validations and applicable by VISTA InfoSec
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicable
VISTA InfoSec42 views
PCI DSSand PA DSS by Kimberly Simon MBA
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
Kimberly Simon MBA1K views
PCI DSS v4 - ControlCase Update Webinar Final.pdf by ControlCase
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
ControlCase608 views
Pci dss in retail now and into the future by VisionID
Pci dss in retail now and into the futurePci dss in retail now and into the future
Pci dss in retail now and into the future
VisionID840 views
Secrets for Successful Regulatory Compliance Projects by Christopher Foot
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance Projects
Christopher Foot472 views
Webinar - pci dss 4.0 updates by VISTA InfoSec
Webinar - pci dss 4.0 updates Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates
VISTA InfoSec425 views
The emerging pci dss and nist standards by Ulf Mattsson
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
Ulf Mattsson163 views
PCI DSS and PA DSS Compliance by ControlCase
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS Compliance
ControlCase268 views
Verderber Rothke What’s New With PCI by Ben Rothke
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCI
Ben Rothke321 views
Hadoop and Financial Services by Cloudera, Inc.
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
Cloudera, Inc.3.8K views
Cisco Connect 2018 Malaysia - Emerging technologies are game-changers for te... by NetworkCollaborators
Cisco Connect 2018 Malaysia - Emerging technologies are game-changers for te...Cisco Connect 2018 Malaysia - Emerging technologies are game-changers for te...
Cisco Connect 2018 Malaysia - Emerging technologies are game-changers for te...
NetworkCollaborators55 views
PCI DSS | PCI DSS Auditor | PCI DSS Training by himalya sharma
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
himalya sharma111 views
PCI DSS | PCI DSS Auditor | PCI DSS Training by himalya sharma
PCI DSS | PCI DSS Auditor | PCI DSS TrainingPCI DSS | PCI DSS Auditor | PCI DSS Training
PCI DSS | PCI DSS Auditor | PCI DSS Training
himalya sharma129 views

Recently uploaded

nintendo_64.pptx by
nintendo_64.pptxnintendo_64.pptx
nintendo_64.pptxpaiga02016
5 views7 slides
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h... by
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...Deltares
9 views31 slides
Ports-and-Adapters Architecture for Embedded HMI by
Ports-and-Adapters Architecture for Embedded HMIPorts-and-Adapters Architecture for Embedded HMI
Ports-and-Adapters Architecture for Embedded HMIBurkhard Stubert
21 views19 slides
Fleet Management Software in India by
Fleet Management Software in India Fleet Management Software in India
Fleet Management Software in India Fleetable
11 views1 slide
Keep by
KeepKeep
KeepGeniusee
77 views10 slides
SUGCON ANZ Presentation V2.1 Final.pptx by
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptxJack Spektor
23 views34 slides

Recently uploaded(20)

nintendo_64.pptx by paiga02016
nintendo_64.pptxnintendo_64.pptx
nintendo_64.pptx
paiga020165 views
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h... by Deltares
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...
DSD-INT 2023 Exploring flash flood hazard reduction in arid regions using a h...
Deltares9 views
Ports-and-Adapters Architecture for Embedded HMI by Burkhard Stubert
Ports-and-Adapters Architecture for Embedded HMIPorts-and-Adapters Architecture for Embedded HMI
Ports-and-Adapters Architecture for Embedded HMI
Burkhard Stubert21 views
Fleet Management Software in India by Fleetable
Fleet Management Software in India Fleet Management Software in India
Fleet Management Software in India
Fleetable11 views
Keep by Geniusee
KeepKeep
Keep
Geniusee77 views
SUGCON ANZ Presentation V2.1 Final.pptx by Jack Spektor
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptx
Jack Spektor23 views
ShortStory_qlora.pptx by pranathikrishna22
ShortStory_qlora.pptxShortStory_qlora.pptx
ShortStory_qlora.pptx
pranathikrishna225 views
360 graden fabriek by info33492
360 graden fabriek360 graden fabriek
360 graden fabriek
info33492122 views
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra... by Marc Müller
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra....NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
Marc Müller40 views
FOSSLight Community Day 2023-11-30 by Shane Coughlan
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan5 views
Navigating container technology for enhanced security by Niklas Saari by Metosin Oy
Navigating container technology for enhanced security by Niklas SaariNavigating container technology for enhanced security by Niklas Saari
Navigating container technology for enhanced security by Niklas Saari
Metosin Oy14 views
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI... by Marc Müller
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Marc Müller41 views
Airline Booking Software by SharmiMehta
Airline Booking SoftwareAirline Booking Software
Airline Booking Software
SharmiMehta6 views
Software evolution understanding: Automatic extraction of software identifier... by Ra'Fat Al-Msie'deen
Software evolution understanding: Automatic extraction of software identifier...Software evolution understanding: Automatic extraction of software identifier...
Software evolution understanding: Automatic extraction of software identifier...
Ra'Fat Al-Msie'deen9 views
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols by Deltares
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - DolsDSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols
Deltares9 views
tecnologia18.docx by nosi6702
tecnologia18.docxtecnologia18.docx
tecnologia18.docx
nosi67025 views
Unlocking the Power of AI in Product Management - A Comprehensive Guide for P... by NimaTorabi2
Unlocking the Power of AI in Product Management - A Comprehensive Guide for P...Unlocking the Power of AI in Product Management - A Comprehensive Guide for P...
Unlocking the Power of AI in Product Management - A Comprehensive Guide for P...
NimaTorabi212 views
FIMA 2023 Neo4j & FS - Entity Resolution.pptx by Neo4j
FIMA 2023 Neo4j & FS - Entity Resolution.pptxFIMA 2023 Neo4j & FS - Entity Resolution.pptx
FIMA 2023 Neo4j & FS - Entity Resolution.pptx
Neo4j8 views
Programming Field by thehardtechnology
Programming FieldProgramming Field
Programming Field
thehardtechnology5 views
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... by Lisi Hocke
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Lisi Hocke35 views

Looking Forward: What to Expect With PCI 4.0

  • 1. What to expect with PCI DSS v4.0
  • 2. Who’s put this together? Ben Dalton, Sr GRC Technology Consultant • IT security & GRC industry • PCI compliance program at Disney Parks & Resorts www.surecloud.com © 2019 SureCloud. All rights reserved. 2 Craig Moores, CISSP, QSA, Risk Advisory Practice Director • Delivering complex cyber security solutions • PCI DSS, strategic planning and business auditing NCC Group
  • 3. Agenda • Key Takeaways from the PCI DSS 4.0 Draft • Anticipated Challenges and Opportunities • How to best prepare for a new version of PCI DSS • How SureCloud can help • Q&A: Ask a QSA!
  • 4. Key Takeaways from the PCI DSS 4.0 Draft • Added flexibility: Defined & customized validation • Updated terminology and clarifications • New requirements • Best practice updates (e.g. authentication) • Meaningful risk assessments • Promoting security as a continuous process www.surecloud.com © 2019 SureCloud. All rights reserved. 4
  • 6. 6 Business Challenges with PCI Compliance Key Points: • More common challenges: • Aligning PCI compliance requirements with business objectives • Ensuring the scope of the CDE is accurate • Maintaining an accurate view of PCI compliance requirements • Communication with key third parties e.g. Acquirers, Customers and Service Providers • New challenges: • Keeping abreast of the threat landscape • Understanding new technologies, particularly around mobile devices and data management • Evolving the compliance program to accommodate new changes in the DSS www.surecloud.com © 2019 SureCloud. All rights reserved.
  • 7. 7 Common Pitfalls… and Opportunities Key Points: • Common pitfalls: • Standalone PCI programs that are disjointed from business processes • Compliance for compliance sake • Broad cardholder data environment scopes based on lack of understanding • Opportunities: • Increased awareness – particularly with regards to cardholder data risks • Better understanding of the business operations and how these support the objectives of the organization • More efficient approach to executing business processes • Embedded security controls that form a more effective business culture www.surecloud.com © 2019 SureCloud. All rights reserved.
  • 8. 8 How to best prepare for a new version of PCI DSS Key Points: • Keep abreast of changes and review the new version of the DSS when it is available! • Ensure the scope of your CDE is accurate • Assess the impact of any changes in requirements that affect your CDE • Update your compliance program! www.surecloud.com © 2019 SureCloud. All rights reserved.
  • 9. 9 How Can SureCloud Help? Whether you represent an organization in the beginning stages of the PCI journey, or if you’re a seasoned PCI veteran and simply need a more efficient way to manage your program, SureCloud’s PCI Compliance Management solution is purpose-built to provide a quick win for your compliance organization. With automated workflow, centralized controls testing and artefact collection, and real-time reporting, SureCloud enhances visibility into your PCI program and can save you time in the process. Don’t hesitate to reach out to us for a demo today! www.surecloud.com © 2019 SureCloud. All rights reserved.
  • 10. How Can SureCloud Help? PCI Compliance Management Platform
  • 11. Discover more… Get in touch - @surecloud Benjamin.Dalton@surecloud.com Craig.Moores@surecloud.com contact@surecloud.com Watch the slides with audio here.