4 - 6 September 2024
Nova Gorica, Hotel Perla
Take advantage of the special price, valid only until 30 June 2024
750 €
Prices do not include 22% VAT

Location: Nova Gorica, Hotel Perla

When: 21 November 2012, i.e. the pre-conference day of the Infosek 2012 conference, between 9:00 and 15:00

You are invited to attend, on the pre-conference day of the Infosek conference, a workshop held in English under the title:

PCI DSS: Practical ways of achieving compliance (workshop)

1. Overview

The risks of identity theft, fraud and security breaches are on the rise, prompting consumers to demand greater assurance that their debit or credit card data is well protected. Card fraud and identity theft are rampant across the globe and affect millions of consumers and businesses every day. The media is filled with stories of credit card information breaches, and the payment card industry has determined that a concerted and comprehensive response is needed. Industry leaders responded by introducing the Payment Card Industry Data Security Standard (PCI DSS). By adhering to PCI DSS, stakeholders can foster a more secure environment in which to process, store and transmit cardholder data. On the flip side, failure to comply can result in fines, restrictions and even the loss of card acceptance privileges, not to mention a severely damaged reputation. To ensure effective compliance, merchants, acquirers and other service providers that meet certain conditions are required to engage a PCI-approved Qualified Security Assessor (QSA) to regularly review their information security policies and scan their Internet points of presence. For shoppers, compliance simply provides greater reassurance that their data is protected.

PCI DSS compliance is mandatory for all organisations storing, processing or even transmitting debit or credit card information. Failure to comply with the standard can have serious financial and reputational repercussions.

2. Compliance challenges

The difficulty of complying with PCI DSS can range from low to high. This is determined primarily by two factors: the extent of card processing that takes place within business processes, and the maturity of the processing mechanisms employed. Because there is no single proper way to implement PCI DSS, practitioners often find themselves struggling with some of the following issues:
• What’s the best way to explain to the business what PCI DSS is and what it means for them?
• What should I do to get management buy-in?
• Is it really an IT project?
• What exactly is a Cardholder Data Environment (CDE) and how do I define it?
• How do I find compliance gaps?
• How do I even know what level of compliance is expected of me?
• What’s the best way to reduce compliance costs?
• Should I push for reducing the scope?
• Should I use business process reengineering in my approach?
• What should I do with my legacy systems that are unable to meet compliance requirements?
• Do I really need to employ a QSA?
• What’s the best way to maintain compliance?
• Who can help me out, and when?
• How can I effectively use my company’s Internal Audit Department?

If anything above sounds familiar, feel free to join this workshop for a lively discussion and idea sharing.

3. Solutions

The objective of Dariusz Sadowski’s workshop is to facilitate a conversation about typical problems with PCI DSS deployment. The target audience should ideally have some knowledge of or previous experience with PCI DSS. However, other professionals are also welcome to attend, as the first hour will be devoted to a general PCI DSS overview, which will be sufficient to equip them with a basic understanding.

The second part will expand on the topic and go through the major, pervasive PCI DSS considerations. First, it will detail the gap-finding and scoping stage of each deployment. Second, it will go through each PCI DSS requirement and present a viable solution for each of them. Third, it will explain how to validate compliance and stay compliant in the long term. Participants are encouraged to challenge the presenter and each other with their views, so that everyone can leave saying that they have learned something new and useful.

About Dariusz Sadowski (bio)

Dariusz is an Assistant Manager in Deloitte UK Enterprise Risk Services (ERS). He has over 4 years of experience in the Governance, Risk Management and Compliance areas, including Project Management Advisory, IT Audit (General IT Controls and Application Controls), Business Process/Internal Audit (Business Cycle Controls), Information Security, Privacy and Resiliency. Moreover, he is a Project Management Professional (PMP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA). Dariusz has both a technical and a financial background, which means he understands technology and at the same time delivers in line with business expectations. His current focus is on financial services industry clients.

Prior to joining the UK practice, Dariusz worked in Deloitte Poland’s ERS, where he managed one of the most prominent PCI DSS projects nationwide. This experience taught him much about the practical side of becoming PCI DSS compliant. He is willing to share all those lessons learned with the participants of INFOSEK 2012.

Price and registration HERE.

For further information, I am available at [email protected] or by telephone on 05 338 48 51.

Regular price for 3 conference days:
1,200 € + 22% VAT.