Significant Developments in the PCI DSS 3.0 and PA-DSS 3.0: Compliance in 2015
In August 2014, the Payment Card Industry (PCI) Security Standards Council issued new guidance on how to ensure that payment card data entrusted by merchants to third parties is securely maintained.
The PCI Data Security Standard (PCI DSS) 3.0 requires that companies protect customers’ credit card data even after outsourcing to a third-party service provider that processes, stores, or transmits cardholder data on behalf of another entity.
Since the adoption and implementation of Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS), it has been a continuing battle to secure and protect payment card information against breaches and fraud in financial systems.
In this two-hour live webcast, a panel of key thought leaders and professionals assembled by The Knowledge Group will discuss the significant developments in PCI DSS and PA-DSS Version 3.0 compliance.
Key topics include:
- PCI DSS 3.0 & PA DSS 3.0 - An Overview
- Standard Development Process
- 8 Stages PCI DSS and PA DSS
- Dos and Don'ts in PCI Data Storage
- Changes to PCI DSS and PA-DSS
- Compliance Validity and Security
- Compliance Challenges
- Best Practices: Ownership, Risk, Monitoring, Metrics
- Key Issues Emphasized in Version 3.0
Davis Wright Tremaine LLP
- Changes to the Data Security Standard (PCI DSS)
- Quick background on the PCI Council and the PCI DSS and PA-DSS [<1 min, I presume everyone is already generally familiar with PCI]
- General overview on the numerous clarifications and additional guidance
- Nine new requirements effective on December 31, 2014 [summary of change, examples of impact on your organization and implementation tips]
- Five new requirements effective on July 1, 2015
- Overview on the Significant Clarifications and Additional Guidance on Existing Requirements
- Changes to the Payment Application Data Security Standard (PA-DSS)
McDermott Will & Emery LLP
General Dynamics Fidelis Cybersecurity Solutions
Who Should Attend:
- Finance Lawyers
- Compliance Officers
- Software Vendors
- Finance Professionals
- Financial Executives
- Service Providers
- Merchant Banks
- Private and Public Companies
- Other Related/Interested Professionals and Organizations
Christopher Avery, CIPP/US, counsels on a broad range of privacy and security matters. He advises clients on U.S. and international privacy laws and regulations pertaining to consumer privacy, employee privacy, data security, and cybersecurity. Christopher advises merchants and service providers on implementing the PCI DSS requirements, successfully completing QSA- and ISA-led annual assessments, and timely submissions of PCI attestations of compliance. Christopher draws on nearly a decade of experience to serve the needs of clients both nationwide and abroad.
Heather Egan Sussman is a partner of McDermott Will & Emery. She is Co-Chair of the Firm’s Global Privacy and Data Protection Group and a Certified Information Privacy Professional. Heather’s practice focuses on privacy, information security and consumer protection. She routinely advises on the many laws in these areas, including GLBA, HIPAA, COPPA, FCRA, TCPA and CAN-SPAM, and the patchwork of U.S. state laws, including California’s Online Privacy Protection Act, state breach notification laws, state information security laws, and self-regulatory frameworks like those covering online advertising and payment card processing. In her practice, Heather helps clients manage information, generally, and leverage the incredible value of data and digital technologies in a way that not only meets compliance obligations, but also supports innovation, delivers value to the business, and solidifies brand and consumer trust.
Mike is the Regional Director of Cyber Security Incident Response for General Dynamics Fidelis Cybersecurity Solutions (GDFidelis). Mike has more than three decades of experience in the Information Assurance and Network Security field. He possesses in-depth practical experience managing medium to large classified Local/Wide Area Network (LAN/WAN) operations and maintenance facilities, personnel, and resources. He has proven professional experience in information assurance, network security, communications system design, installation, strategic planning, project management, policy development, budgeting, supervision, and training. Mike is an expert in critical network functions, including Network Operations Center (NOC), Computer Emergency Response Team (CERT), Incident Response Teams (IRT), Certification and Accreditation (C&A), intrusion detection, network security scanning, and penetration testing. He has a strong working knowledge of LAN/WAN architectures, encryption and protected distribution systems for multiple security enclave environments.
As the Cyber Defense Incident Response lead, Mike has led teams on many large commercial intrusions that were some of the largest global intrusion responses to date. Mike controls all aspects of these events. This includes organizing initial response and forensic support, remediation, expulsion, security engineering and security operations for network monitoring. Mike serves as the on-site customer liaison, working closely with customer leadership, IT personnel, legal, law enforcement and external forensic analysts to ensure that workflow and communications are managed.
- MA Computer Resource Management, Webster University
- BS/BA Management, University of Southern Colorado
- AAS Digital Equipment Technology, Community College of the AF
Print and review course materials
Method of Presentation:
NASBA Field of Study: Specialized Knowledge and Applications
NY Category of CLE Credit: Areas of Professional Practice
About Davis Wright Tremaine LLP
Davis Wright Tremaine LLP is a national, full-service, business and litigation law firm representing clients located in the United States and around the world. The firm was founded on a simple guiding principle: to provide clients with high-value legal services customized to their particular needs. Today the firm has grown to include approximately 500 attorneys and nine offices, covering a wide range of practice and industry areas.
The depth and strength we offer in the core legal functions of litigation, business transactions, intellectual property, real estate, and employment are supplemented with nationally recognized teams serving the communications, media, financial services, health care, energy, technology, and hospitality industries.
About McDermott Will & Emery LLP
McDermott Will & Emery is a premier international law firm with a diverse business practice including more than 1,000 lawyers in 17 offices around the globe. Our Privacy and Data Protection practice comprises more than 50 attorneys who are dedicated to assisting companies manage information and related risks throughout the data lifecycle. We represent large and small companies from nearly every industry and sector. We have experience across the full range of privacy and data protection laws. This deep industry experience and our global, multi-disciplinary approach to data management uniquely position us to provide practical, efficient solutions to our clients.
About General Dynamics Fidelis Cybersecurity Solutions
General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today's sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence through use of our Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and our award-winning Fidelis XPS™ Advanced Threat Defense Products, which provide visibility and control over the entire threat life cycle.