In this episode of the SecurityMetrics Podcast, Jeremy King (Regional VP for Europe, Middle East, and Africa at the PCI Security Standards Council) provides an overview of the recent community meeting in Dublin, Ireland, and why it is important for your business to attend the annual PCI Community Meeting.

Listen to learn:

• How the community meeting provides a valuable opportunity to learn about the new requirements and get help with PCI implementation.
• How assessors are playing a critical role in helping organizations prepare for the transition.
• Why collaboration is a key theme of the PCI Community Meeting.

The podcast can be helpful for:

• Merchants who are preparing for the PCI DSS version 4.0 transition.Assessors who are helping organizations with the transition.
• -Anyone who wants to learn more about PCI security standards.

Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

This episode of the Security Metrics Podcast discusses the transition from the Payment Application Data Security Standard (PA-DSS) to the Software Security Framework (SSF). The guest speaker, Jake Marcinko, is a Standards Manager at the PCI Security Standards Council and chairs the SSF working groups.

Listen to learn:

• How the PCI Security Standards Council is continuously evolving the SSF to keep pace with emerging threats and technologies.
• Why the SSF replaced the previous Payment Application Data Security Standard (PADSS).
• The recent updates to SSF to address the increasing use of cloud-based applications.

Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:

• The mission of EMVCo and its key technical initiatives
• How PCI SSC and EMVCo collaborate to ensure industry alignment
• EMVCo’s work on mobile payment acceptance and PCI SSC’s work regarding security

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:

• How malicious actors use scripts to steal information
• Why PCI DSS requirements were added to deal with this threat
• Jscrambler’s approach to payment page script management 
  
  

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them.

Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• What an API is
• Why APIs are targets
• How to keep APIs secure

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode.

Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
• What the risks are to payment page scripts in consumer browsers
• Some of the solutions available to meet these requirements

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:

• How Infosend approached the shift to being assessed against PCI DSS 4.0
• Why companies should make the shift to PCI DSS 4.0 now
• Advice offered to others making the transition to PCI DSS 4.0

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at Hacker One, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:

• Hackers vs. cybercriminals
• Vulnerability disclosure policies (VDPs) vs. bug bounties
• PCI DSS post-disclosure obligations 

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Filmed at the 2023 PCI Community Meeting in Portland, Oregon.

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• His unique entry into cybersecurity
• How he continually found non-traditional ways to forge forward in his career
• How introspection and communication make him a better technology professional

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• The role of BT as a PCI Principle Participating Organization (PPO)
• PCI payment security groups BT is interested in collaborating on
• BT representation on the PCI Board of Advisors

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit

Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing

Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide

Get FREE security and compliance training ► https://academy.securitymetrics.com/

Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place