Guidance for PCI DSS Scoping and Segmentation


DID YOU KNOW, TARGET STORES WERE BREACHED DUE TO A FAULT IN THEIR NETWORK SEGMENTATION?

Scoping and segmentation are the backbone of any PCI compliance initiative. Get them wrong and the result is either a horribly expansive and prohibitively expensive initiative, or a less-than-optimal scope that leads to failing the PCI audit or, worse, a data breach exposing your organization to millions in potential damages.

Many organizations struggle to understand where PCI DSS controls are required and which systems need to be protected. This webinar provides guidance to help organizations identify the systems that, at a minimum, need to be included in the scope of PCI DSS. Additionally, it provides guidance on how segmentation can be used to help reduce the number of systems that require PCI DSS controls.

This webinar is intended for any entity looking to understand scoping and segmentation principles when applying PCI DSS to its environment. The recommendations provided in this webinar can be used by both large and small entities to evaluate which system components should be covered by PCI DSS requirements.

This webinar also provides a method for facilitating effective scoping discussions between entities and is useful for:

• Merchants, acquirers, issuers, service providers—for example, issuer processors and Token Service Providers (TSPs)—and others responsible for meeting PCI DSS requirements for their enterprises

• Assessors (such as Qualified Security Assessors or Internal Security Assessors) responsible for performing PCI DSS assessments

• Acquirers evaluating merchants’ or service providers’ PCI DSS Reports on Compliance or Self-Assessment Questionnaires

• PCI Forensic Investigators (PFIs) responsible for determining PCI DSS scope as part of an investigation



More Free Resources

Blog: https://www.vistainfosec.com/blog/
Webinars: https://www.vistainfosec.com/webinar/


Chapters
*********************************************
0:00 Introduction
1:40 AGENDA
2:40 Terminology
9:01 Scoping Confusion
12:13 What is Scoping
13:00 Scoping concepts
16:34 Scoping and Sampling
18:03 PCI DSS Scoping
19:58 Compliance scope
22:25 Scope - Technology requirements
23:35 Scope of PCI DSS
27:24 Where is the Cardholder Data Stored?
28:24 Storing track data
30:30 Track Data Location
31:56 General Guidelines for searching
32:56 Mod-10 (The Luhn Formula)
36:22 Cardholder Data Discovery Tool
39:24 Scoping flowchart
40:49 Scoping Summarised
42:13 What is Segmentation
43:44 Why Segmentation?
***********************************************
