Free webinar demystifies PCI DSS v3.0 changes
ELY, UK, November 20, 2013 /EINPresswire.com/ -- IT Governance [3], the leading PCI QSA service provider, has announced that it will host a free webinar on PCI DSS v3.0 on 26th November at 15:00 GMT. The webinar, led by QSA expert Geraint Williams, will provide an essential overview of the changes made to the 12 requirements of the PCI DSS. Register here: www.itgovernance.co.uk/Maintaining-PCI-DSS-and-the-complexities-of-v3.aspx.
PCI DSS v3.0 will become applicable on 1st January 2014; however, there will be a 12-month grace period, which will provide companies with plenty of time to meet the requirements of the new version.
Geraint Williams, PCI QSA and CREST-registered Tester, commented on the new version:
“Making payment card security part of ‘business as usual’ is one of the most significant changes to the new version.
“A logical way to achieve this is by implementing an Information Security Management System (ISMS) which is also compliant with ISO27001 – the information security standard. Although requirement 12 of the PCI DSS v3.0 doesn’t explicitly ask for an ISO27001-based ISMS, aligning the latter to this international standard will make security an integral part of the business, helping organisations to increase data protection and ensure effectiveness of processes.”
The new version of the standard includes modifications to the rules on penetration testing [2], service provider responsibilities, password and credential requirements, security awareness, malware detection and change management, among others.
Williams continues, “The new version calls for more rigorous penetration testing. In addition to the existing mandated quarterly assessments by an approved scanning vendor, PCI DSS v3.0 now necessitates that organisations implement a penetration testing methodology to verify the cardholder data environment (CDE) is properly segmented from other networks.”
Williams is also the trainer for the PCI DSS Foundation [1] and PCI DSS Implementation and Maintenance training courses.
IT Governance Ltd is a PCI QSA company and has a track record of helping many organisations comply with PCI DSS. The company can be contacted on +44 (0) 845 070 1750 or by email at servicecentre@itgovernance.co.uk.
- Ends -
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Desi Aleksandrova
IT Governance
+44 (0) 845 070 1750
[1] http://www.itgovernance.co.uk/shop/p-1017-pci-foundation-overview-introduction-training-course.aspx?utm_source=pr&utm_medium=nr
[2] http://www.itgovernance.co.uk/penetration-testing.aspx?utm_source=pr&utm_medium=nr
[3] http://www.itgovernance.co.uk?utm_source=pr&utm_medium=nr