The Payment Card Industry – Data Security Standard (PCI-DSS) has been in place since 2006. Compliance with the standard is a contractual obligation, not a regulatory requirement. However, an increasing number of financial institutions are being directed to demonstrate their risk management of credit card security through adherence to, and compliance with, the standard.
PCI compliance for financial institutions is complicated by the fact that they function as both ‘Merchants’ and ‘Service Providers.’ This session will describe the latest updates to the compliance standard, present solutions to common adherence challenges, and provide strategies for how to begin the journey to PCI-DSS compliance.
- Key elements of PCI-DSS compliance
- Difference between the specificity of the PCI requirements and the less-prescriptive FFIEC guidelines
- Critical IT operational requirements to support compliance
- Common pitfalls and challenges to PCI compliance
- Formulate strategies for starting a PCI-DSS compliance program
- Prioritized approach to PCI compliance
- Flow chart/decision matrix for how to determine which compliance report to file
- Employee training log
- NEW – Interactive quiz
WHO SHOULD ATTEND?
This informative session would best suit internal auditors, risk managers, information security officers, operations staff, and management responsible for risk and compliance.
PLEASE NOTE: The live webinar option allows you to have one internet connection (from a single computer terminal). You may have as many people as you like listen and watch from your office computer.
ABOUT THE PRESENTER – Randall J. Romes, CISSP, CRISC, MCP, CliftonLarsonAllen LLP
Randy Romes has been a cybersecurity consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services and Financial Institutions groups, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.
Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.