Recorded: March 22, 2016
Under the rules of PCI DSS v3.1, SSL and early versions of the Transport Layer Security (TLS) protocol are no longer considered acceptable for payment data protection due to "inherent weaknesses" within the protocol. Organizations that process payments must migrate to TLS 1.1 encryption or higher by June 2018. Prior to this date, existing implementations using SSL and/or early TLS must have a formal risk mitigation and migration plan in place. Moreover, details have just been released on the upcoming PCI DSS 3.2.
In a landscape filled with new threats and new regulations, risk management has never been more critical. In this webinar we will look at ways to address the SSL and TLS vulnerabilities by implementing a pragmatic risk migration plan. Join us to learn about innovative data-centric protection technologies that mitigate risk and enable compliance, and that are all the more important if potentially insecure transfer methods will continue to be used through mid-2018.
Speakers
Branden Williams has nearly two decades of experience in technology and information security with a formidable background in the technologies that drive today's businesses. After spending the first several years of his career working with education institutions and internet service providers to secure their infrastructures, Branden co-founded and sold an IT consulting business. He continued in this entrepreneurial spirit and worked with several of the buyer's portfolio companies to enable secure growth of their business. Branden has practical experience working with global clients in multiple verticals and is known for creating innovative solutions to challenging problems. He has current, extensive experience in a number of popular server platforms, and further experience in other operating systems including Mainframe (z/OS) and OS X. From a networking perspective, Branden has experience with many of the major networking players as well as practical deployments of infrastructure to promote efficiency and order where cost and chaos normally exist. Branden is a Distinguished Fellow of the Information Systems Security Association (ISSA) and was also an Adjunct Professor at the University of Dallas's Graduate School of Management where he taught in their NSA Certified Information Assurance program. He publishes regularly and co-authored multiple books on PCI Compliance.
Stuart Hince is a Senior Solutions Architect of the Professional Services organization at HPE Security – Data Security (previously Voltage Security). For the past six years, Stuart has focused on the company's payments-related products, including terminal-based encryption, e-commerce, mobile payments, and tokenization solutions. In this role, he works directly with numerous card processors, device manufacturers, POS vendors, and larger merchants to ensure these technologies are integrated and deployed successfully, and effectively protect consumers from security breaches. Stuart has been recognized as an HPE Master Technologist – a qualification that requires a continuity of contributions shown to have a major impact on the company's business. This award demands leadership, innovation and collaboration within HPE, recognition from the external technical community, and a depth of expertise in multiple technical disciplines. Stuart has 25+ years of experience in software development, a Master's degree in Engineering from Stanford University, and a BSc from the University of Bath in England.
Mason Karrer, Principal GRC Strategist, Policy and Compliance. As a GRC Strategist for RSA, Mason is responsible for driving strategy and design decisions for the Archer Policy and Compliance business solutions as well as Archer content operations. With a 20-year background mix of software development, operations, security management, and audit, Mason brings a diverse practitioner's perspective to the GRC product space. He continually collaborates with analysts, partners, and customers across industries and geographies to shape strategic perspectives, product innovation, and promote thought leadership around key policy, compliance, and risk areas of focus such as regulatory change and IT operational risk management. Mason received a Bachelor of Science degree in Aerospace Engineering from the University of Kansas, and holds the CISSP and CISA professional certifications.
Emma Sutcliffe, Director, Data Security Standards, PCI Security Standards Council. As Director of Data Security Standards, Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC's Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years' information security experience and is a current CISSP, CISM, and CISA.