Date & Time
Wednesday, October 17, 2018, 1:15 PM - 2:45 PM
Category
Core Competencies
Description
Having performed hundreds of PCI DSS assessments as a PCI QSA (Qualified Security Assessor) and signed just as many Attestations of Compliance (AOCs), we have identified common reasons why companies fail PCI DSS assessments. Some are technical in nature, but a significant number of them come down to the ever-present question of scope. All of these have ramifications on the effectiveness of controls, but the clock is what is most affected. Every PCI DSS assessment has a deadline, and with VISA’s mandate to have the Report on Compliance (ROC) completed and the AOC submitted a month before the due date for listing in the Visa Global Registry of Service Providers, the PCI DSS assessment needs more attention than in the past. This session will cover the Top 10 reasons why companies fail PCI DSS assessments. We will cover technical challenges, scope questions, delays in evidence gathering, review of control effectiveness, and AOC submissions. We will also cover a recommended approach to maintaining compliance through the next annual PCI DSS assessment. This session assumes participants have a working knowledge of the PCI DSS assessment process.
Speaker(s)
Miguel Villegas; Brad Brown
Speaker Bio(s)
Miguel (Mike) O. Villegas is a Senior Vice President for K3DES LLC. He performs and QA’s PCI-DSS and PA-DSS assessments for K3DES clients. He also manages the K3DES ISO/IEC 27002:2013 program. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike currently is a Contributing Writer for SearchSecurity.com (TechTarget). Mike has over 35 years of Information Systems security and IT audit experience. Mike was previously Vice President & Technology Risk Manager for Wells Fargo Services, responsible for IT Regulatory Compliance, and was previously a partner at Arthur Andersen and Ernst & Young for their information systems security and IS audit groups over a span of nine years. Mike is a CISA and CISSP. He is also a PCI-QSA and PA-QSA as VP for K3DES. Mike was president of the LA ISACA Chapter during 2010-2012 and president of the SF ISACA Chapter during 2005-2006. He was the SF Fall Conference Co-Chair from 2002–2007 and also served for two years as Vice President on the Board of Directors for ISACA International. Mike has taught CISA review courses for over 23 years.
 
Bradley Brown is an Information Security Senior Consultant and PCI-DSS assessor for K3DES, focused on card brands, banks, service providers and merchants servicing electronic payment solutions. Previously, Brad served as an Information Technology Consultant with both PwC and EY; Director of Corporate Information Systems for Ticketmaster; Senior Information Technology Advisor to Bank Artha Graha Internasional (Indonesia); and CEO of Artha Telekomindo (Indonesia). Brad has been a CISA and member of ISACA since 2008, and is also a PMP and QSA.
 
CEUs
1.8