Date: | January 23, 2015 |
---|---|
Time: | 06:00 p.m. - 09:00 p.m. |
Event: | ISACA Singapore |
Topic: | Achieving PCI Compliance through Strategic Application Security Program |
Sponsor: | ISACA Singapore |
Venue: | National Library Board Building |
Location: | Possibility Room, Level 5, NLB Building 100 Victoria Street Singapore |
Public: | Public |
Speaking at ISACA Singapore – Achieving PCI Compliance through Strategic Application Security Program
Not long ago the Payment Card Industry released version 3 of PCI DSS. Compared to its predecessor, this new version introduces a number of changes; PCI states that these changes are intended to address the maturity of the industry since 2006. Lack of education and awareness, coupled with poor implementation and maintenance, are leading causes of breaches today; this update is intended to target these challenges by providing guidance and clarification on the intent of requirements and how to meet them. In this talk we will focus on Requirement 6 – ‘Develop and Maintain Secure Systems and Applications’ of version 3.
In HP’s Fortify Solution Consulting Group, we refer to our SSA (Software Security Assurance) framework to design application security programmes or secure development lifecycles for our customers, and hence I often get asked if programmes built upon the SSA framework can help in fulfilling PCI DSS Requirement 6.
If you have similar questions, this is the session to attend. In this session, we will cover:
- How to build a “compliant” secure development lifecycle for development teams using modern software development methodologies
- Challenges of enforcing a secure development lifecycle at an enterprise scale
- Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption while meeting regulatory requirements