thePCI Portal

Track Selection Guidance for Community Meeting

If you are attending the North American community meeting in a couple of weeks, you have a choice of two tracks full of great sessions on Wednesday, Sept 30th. Recently a medium-sized Canadian multi-location retailer asked me to recommend some sessions for them. Unfortunately (?), it looks like every session has something for somebody and I don’t think a blanket recommendation will work. Instead I put together some qualifying questions for each time slot to help someone decide which track might be better for them. Maybe they would be of use to you too.

13:00 – 13:50  PT

Track 1: “Discover the Critical Link Between PCI DSS Compliance and Real-World Security”

Track 2: “Overview Point-to-Point Encryption Version 2: What You Need to Know”

Qualifying Question: Do you agree that being PCI DSS compliant makes you more real-world secure overall, and can you articulate why to others?

If yes, go to Track 2: “Overview Point-to-Point Encryption Version 2: What You Need to Know” to learn more about P2PE.

If no, go to Track 1: “Discover the Critical Link Between PCI DSS Compliance and Real-World Security” to be convinced that it really does and to be shown why.


14:00 – 14:50  PT

Track 1: Fifty Shades of “In Scope” — Dealing with “Near Scope” Assets. Mr. Grey Will See You Now

Track 2: Mitigating the Data Breach Threat While Enforcing PCI DSS Compliance

Qualifying Question: Do you have an internal methodology (documented) that you follow for determining which PCI controls you apply to which system components?

If yes, go to Track 2: “Mitigating the Data Breach Threat While Enforcing PCI DSS Compliance” to advance to the next level.

If no, go to Track 1: “Fifty Shades of ‘In Scope’ — Dealing with ‘Near Scope’ Assets. Mr. Grey Will See You Now” to address fundamental scoping, which will ease the rest of your PCI challenges.


15:10 – 16:00 PT

Track 1: No More Credit Card Breach Risk — How Caesars Implemented Point-to-Point Encryption (P2PE)

Track 2: Requirements -1, 0, 13 and 14: The Big Picture of PCI DSS Compliance

TOUGH CALL.

If you are a large brick-and-mortar retailer and might be interested in investing in a P2PE solution, go to Track 1: No More Credit Card Breach Risk — How Caesars Implemented Point-to-Point Encryption (P2PE).

P2PE is a little bit silver-bulletish, and to my knowledge it is not a solution supported by Canadian acquirers yet, so implementation will be too complex for most small-medium environments. P2PE might be a relevant solution for you. Maybe your acquirer will soon offer P2PE PIN pads and solutions as a service and you want to know how it works (rethink your 13:00 track selection!).

If the idea of leveraging your PCI DSS compliance efforts further to mature your information security program appeals to you, go to Track 2: Requirements -1, 0, 13 and 14: The Big Picture of PCI DSS Compliance.


16:10 – 17:00

Track 1: The Evolution of Transaction Security – EMV Chip, Mobile and Beyond

Track 2: Managing PCI Compliance in an Outsourced World: Challenges, Opportunities and Risks

Qualifying Question: Do you insist on “in house only” solutions (for development, hosting, software, security services)?

If yes, go to Track 1: “The Evolution of Transaction Security – EMV Chip, Mobile and Beyond”.

If no, go to Track 2: “Managing PCI Compliance in an Outsourced World: Challenges, Opportunities and Risks”.  Dealing with service providers and third parties who can impact CHD is too big a topic to miss.

http://events.pcisecuritystandards.org/2015/vancouver


2 comments for “Track Selection Guidance for Community Meeting”

  1. December 1, 2015 at 12:49 am

    I’m impressed, I have to admit. Rarely do I encounter a blog that’s equally educative and interesting, and without a
    doubt, you’ve hit the nail on the head. The issue is something
    which too few folks are speaking intelligently about.
    I’m very happy that I stumbled across this in my search for something regarding this.

    • thePCIportal
      December 4, 2015 at 4:02 pm

      Educative is my peculiar specialty. S.
