A key highlight was an open discussion with PCI SSC and MasterCard on how organizations can gain more value by focusing on overall security rather than on just achieving compliance.
ControlCase, a leading global provider of Compliance as a Service (CaaS), Certifications, and IT Governance, Risk and Compliance (GRC) software recently held its Annual User Group Conference at the Hard Rock Hotel Universal in Orlando, Florida, USA. This year’s event focused on knowledge sharing and included a series of panel discussions covering the different components required to achieve compliance and maintain security.
The event attracted professionals working in the areas of IT Governance, Risk and Compliance from banks, merchants and service providers around the world. Session panelists included senior executives from ControlCase, the PCI Council, MasterCard and WorldPay.
A key highlight of the conference was an open discussion facilitated by Kishor Vaswani, CEO – ControlCase; Adam Sommer, Vice President for MasterCard Enterprise Security Solutions and Jeff Wilder, Standards Trainer – PCI Security Standards Council (PCI SSC). This discussion focused on how organizations can gain more value by focusing on overall security rather than on just achieving compliance. The session referenced many of the requirements in regulations, including PCI, ISO 270001/2, HIPAA and SOC 1/2/3.
“Organizations must focus on being secure as an overall corporate strategy and look to compliance as a means to accomplishing that goal. If a company is secure, it is also likely to be compliant with any compliance framework, but being compliant does not necessarily mean a company is secure” said Jeff Wilder, PCI SSC. Wilder went on to reference notable industry breaches and reiterated that the breached organizations were likely compliant with some regulation but obviously not secure.
ControlCase has assembled an exciting series of speakers from a variety of organizations, including the PCI Security Standards Council. The conference programs will feature sessions on the following topics:
Sommer provided insight on emerging payments security and highlighted the key challenges and benefits of EMV, tokenization and point-to-point encryption or P2PE. Key benefits include:
EMV – EMV has the ability to generate a dynamic card authentication value which, if stolen, cannot be used to create counterfeit cards.
TOKENIZATION – Tokens replace valuable information (such as PAN) with surrogate values that, if compromised, reduce the impact of subsequent fraud.
POINT TO POINT ENCRYPTION (P2PE) – P2PE protects sensitive PAN data “in transit” but renders it unusable across all channels if stolen.
“ControlCase events, such as the Annual User Group Conference, provide a platform for organizations to share best practices for making security a key part of overall business planning and a main focus in the education and training of staff,” said Kishor Vaswani, CEO of ControlCase. “Exchanging valuable knowledge on security and compliance is a real passion for us at ControlCase. We look forward to expanding these interactive events and helping security professionals increase value to their organizations.”
The Key Takeaways from the Annual User Group Conference in Orlando included:
- Confirm your organization has processes in place to ensure that implemented controls are effective.
- The drivers of your security program must be able to evaluate risk the efficiency of the controls to ensure that any residual risk is within an acceptable limit.
- Your assessors should not be the ones to tell you that issues exist. A vulnerability scan should be used to confirm that your vulnerability identification and remediation program is effectively working.
About ControlCase
ControlCase is a global provider of Compliance as a Service (CaaS), Enterprise Software and Services. Our offerings enable clients to effectively manage their IT Governance, Risk Management and Compliance Management (IT GRCM or GRC) efforts.
Headquartered in the United States, with locations in North America, Europe, Asia Pacific and the Middle East, ControlCase focuses on providing and developing services, software products, hardware appliances and managed solutions that focus on compliance regulations and standards; including PCI DSS, SOC1, SOC2, SSAE16, PIPEDA, ISO 27001/2, FERC/NERC, Sarbanes Oxley (SOX), GLBA, HIPAA/HITRUST, CoBIT, and BITS FISAP SIG/AUP.
For more information, please visit the company website at www.controlcase.com