PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
“PCI DSS Myths: Why Are They Still Alive?” by Anton Chuvakin
The presentation will cover PCI DSS-related myths and misconceptions that are sadly common among organizations dealing with PCI DSS challenges and payment security. Myths related to technical and process side of PCI, self-assessment and audits as well as PCI validation requirements will be discussed. The information will be useful to all organizations dealing with credit card information and thus struggling with PCI DSS mandates.
With voice at: http://www.brighttalk.com/webcast/6495
PCI DSS Myths 2009: Fiction and Reality
The presentation will cover PCI DSS-related myths and misconceptions that are common among some organizations dealing with PCI DSS challenges. Myths related to technical and process side of PCI, self-assessment and audits as well as PCI validation requirements will be discussed.
The information will be useful to all organizations dealing with credit card information and thus struggling with PCI DSS mandates
A do-it-yourself guide to protecting your digital assets and planning for the future.
Learn how to-
·Back up your private keys
·Store your digital assets
·Upgrade to two-factor authentication
·Estate planning for digital assets
An exploration of the cyber security market factors that lend to pervasive issues with hyperbole and feelings of broken trust across the various participants. Much is left off the slide & was covered in narrative at a recent OWASP LA meetup, original done for B-Sides LV.
Reducing cardholder data footprint with tokenization and other techniques (VISTA InfoSec)
PCI DSS Compliance can be very challenging for businesses, especially when they are expected to meet the stringent standard requirements. They are constantly under the pressure of being compliant and struggle to keep up with the compliance challenges. Addressing this challenge, VISTA InfoSec hosted a very informative webinar on “Reducing Cardholder Data Footprint with Tokenization and other Techniques” that provides details on various techniques to reduce the scope of compliance. The webinar highlights different techniques that can be implemented to reduce the scope of Compliance by limiting the Cardholder Data footprint in the environment.
If you find this video interesting and wish to learn more about different techniques or have any queries regarding the same, then do drop us a comment in the comment section below. We would be more than happy to educate you on it and clear all your doubts. You can subscribe to our channel for more videos on Information Security and Compliance Standards. Do like, share, and comment on our video, if you find it informative and useful to you.
Are you into programming or with STEM education? Congratulations. You are safe for now. "Understanding how to program will always be useful"- Bill Gates. But when you think about machine learning, automation, bots and artificial intelligence (AI) do you think being a geek will be enough to create a better world and help organizations prosper? By working with businesses on their digital strategy and advanced analytics, we see a consistent pattern that just having technical skills is no longer enough. Combining these skills with a consultative approach and emotional intelligence however, is extremely powerful and the secret sauce to long term success. Join us and learn how to interplay technical and strategic skills to create success and long term gains in AI-first world.
This presentation covers PCI DSS-related myths and misconceptions that are common among some merchants and other organizations dealing with PCI DSS challenges. Mistakes related to technical and process side of PCI, self-assessment and audits as well as PCI validation requirements will be discussed. The information will be useful to all merchants dealing with credit card information and thus struggling with PCI DSS mandates.
In this paper we look at common PCI DSS myths and misconceptions. We will also dispel those myths and provide a few useful tips on approaching to PCI DSS.
Credit Card Processing and Information Security: What You Need to Know
Do you take payments by credit card, or do any of your clients? SofTECH member and information security consultant Hugh Deura discusses the security regulations (called PCI) surrounding credit card processing. He’ll explain the objectives of the existing regulations, and the practical steps businesses must take in order to comply.
His discussion covers the 12 Myths of PCI compliance, along with the 12 Facts that set those myths straight.
Hugh Deura has over 10 years of experience in information security and compliance. Hugh blogs at DeuraInfoSec and helps clients comply with industry standards and regulations to succeed in information security with due diligence.
Deura Information Security (DISC) was established in North Bay (Petaluma) California in 2002 and provides services in security risk assessment, designing new controls, and remediation processes to help businesses comply with industry regulations and standards.
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals (Fit Small Business)
Cyber criminals are shifting their focus to target smaller businesses that accept credit card payments, which means your business could be next. With 60% of small businesses going under within 6 months of being breached, the cyber security and PCI compliance of your business should be one of your top priorities. - See more at: http://fitsmallbusiness.com/pci-compliance-for-small-businesses/#sthash.ex1SwoaB.dpuf
Regulatory Compliance can cause poor decision making when it comes to security. Too often technology purchases are driven by a desire to make compliance 'go away', but this can actually cause MORE problems than it solves.
Spirit of PCI DSS by Dr. Anton Chuvakin
PCI compliance is seen by many merchants as “a checklist exercise” which is disconnected from reducing their fraud costs, security risks and other losses. It is sometimes perceived as a painful exercise in futility, enforced by some “higher powers” who don’t care about merchants. This presentation will discuss how to bring back the real spirit of PCI DSS, the spirit of data security, risk reduction and trustworthy business transactions. It will discuss, in particular, how to use the controls of PCI DSS to protect your business from online threats and highly damaging hacker attacks. Moreover, focusing on the spirit of PCI DSS will help merchants to both simplify compliance and improve security, while protecting their customers and their sensitive data and keeping acquirers and brands happy.
What PCI DSS Taught Us About Security by Dr. Anton Chuvakin
... aka “Teachings of Don PCI”
Presentation title: What PCI DSS Taught Us About Security
Brief abstract: This presentation will derive some useful lessons from our industry experience with PCI DSS. Organization can use these lessons to improve their security programs and reduce risk as well.
PCI Compliance Myths, Reality and Solutions for Retail (InDefense Security)
In this presentation, we discuss common misconceptions and myths that many retailers have about their PCI-DSS Compliance Obligations as well as share available solutions how to achieve and maintain PCI Compliance. Also, we outline many cyber security solutions that address certain objectives within the PCI Compliance requirements.
For additional info, visit https://indefensesecurity.com
Maintaining, verifying, and demonstrating compliance with the PCI-DSS standard is far from a trivial exercise. Find out how AlienVault USM can help you meet PCI compliance requirements.
PCI DSS Simplified: What You Need to Know (AlienVault)
Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements.
Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane-of-glass. And it solves more than the single purpose PCI DSS compliance software alternatives do. During this webcast, you will learn how to:
Achieve, demonstrate and maintain PCI DSS compliance
Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform
Implement effective incident response with emerging threat intelligence
Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.
Payment account data security – PCI DSS (socassurance)
PCI DSS audit is the Payment Card Industry Data Security Standard. It enhances payment account data security controls and processes. For more information, visit the website.
Future of SOC: More Security, Less Operations (Anton Chuvakin)
"Future of SOC: More Security, Less Operations" was originally presented by Dr Anton Chuvakin in March 2024 at a virtual conference in Finland
The future of SOC looks less like its past. AI is part of the future, but engineering-led approach to SOC is more critical
Detection and Response of the future will be more heavily automated
SOC Meets Cloud: What Breaks, What Changes, What to Do? (Anton Chuvakin)
originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of Google Cloud Office of the CISO
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?
Similar to PCI DSS: Myths, Mistakes, Misconceptions 2009 - TEASER Version
Meet the Ghost of SecOps Future by Anton Chuvakin
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
20 years of SIEM was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflection on SIEM past and future
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr.
Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security
monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM
implementation will help maximize security and compliance value, and avoid costly obstacles,
inefficiencies, and risks
2. M1 - PCI just doesn’t apply to us …
Myth: PCI just doesn’t apply to us, because…
• “… we are small, a University, don’t do e-commerce, outsource “everything”, not permanent entity, etc”
Reality: PCI DSS DOES apply to you if you “accept, capture, store, transmit or process credit and debit card data”, no exceptions!
At some point, your acquirer will make it clear to you!
3. M2 - PCI is confusing
Myth: PCI is confusing and not specific!
• “We don’t know what to do, who to ask, what exactly to change”
• “Just give us a checklist and we will do it. Promise!”
Reality: PCI DSS documents explain both what to do and how to validate it; take some time to read them.
Whether or not you get it now, you will need to do it later. Otherwise, data and $ loss is yours!
4. M3 - PCI is too hard
Myth: PCI is too hard …
• “… too expensive, too complicated, too burdensome, too much for a small business, too many technologies or even unreasonable”
Reality: PCI DSS is basic, common sense, baseline security practice; it is only hard if you were not doing it before.
It is no harder than running your business or IT – and you’ve been doing it!
5. M4 - Breaches prove PCI irrelevant
Myth: Recent breaches prove PCI irrelevant
• “We read that ‘media and pundits agree – massive data losses “prove” PCI irrelevant’”
Reality: Data breaches prove that basic PCI DSS security is not enough, but you have to start from the basics.
PCI is actually easier to understand than other advanced security and risk matters. Start there!
6. M5 – PCI is Easy: Just Say “YES”
Myth: PCI is easy: we just have to “say Yes” on SAQ and “get scanned”
• “What do we need to do - get a scan and answer some questions? Sure!”
• “PCI is about scanning and questionnaires”
Reality: Not exactly - you need to:
a) Get a scan – and then resolve the vulnerabilities found
b) Do the things that the questions refer to – and prove it
c) Keep doing a) and b) forever!
7. M6 – My tool is PCI compliant
Myth: My network, application, tool is PCI compliant
• “The vendor said the tool is ‘PCI compliant’”
• “My provider is compliant, thus I am too”
• “I use PA-DSS tools, thus I am PCI OK”
Reality: There is no such thing as a “PCI compliant tool, network”; PCI DSS compliance applies to organizations.
PCI DSS combines technical AND process, policy, management issues; awareness and practices as well.
8. M7 – PCI Is Enough Security
Myth: PCI is all we need to do for security
• “We are secure, we got PCI!”
• “We worked hard and we passed an ‘audit’; now we are secure!”
Reality: PCI is basic security, it is a necessary baseline, but NOT necessarily enough.
PCI is also about cardholder data security, not the rest of private data, not your intellectual property, not SSNs, etc.
It also covers confidentiality, and NOT integrity and availability of data. There is more to security than PCI!
9. M8 – PCI DSS Is Toothless
Myth: Even if breached and also found non-compliant, our business will not suffer.
• “We read that companies are breached and then continue being profitable; so why should we care?”
Reality: Possible fines + lawsuits + breach disclosure costs + investigation costs + CC rate increases + contractual breaches + cost of more security measures + cost of credit monitoring = will you risk ALL that?
10. Summary: Eight Common PCI Myths
1. PCI just doesn’t apply to us, because…
2. PCI is confusing and not specific!
3. PCI is too hard
4. Recent breaches prove PCI irrelevant
5. PCI is easy: we just have to “say Yes” on SAQ and “get scanned”
6. My network, application, tool is PCI compliant
7. PCI is all we need to do for security!
8. Even if breached and then found non-compliant, our business will not suffer
11. PCI Compliance for Dummies
More information?
Read “PCI Compliance for Dummies”
Get as much information as you can about PCI and how it relates to your organization!