One of the most interesting sessions from the 2013 PCI Community Meeting was the presentation given by the PCI Council on network segmentation and isolation, as a way of reducing the surface and the cost of compliance. This presentation was responsible for majority of the questions asked during the Q/A section of the conference… and this is the conference where the new PCI DSS was announced!
This presentation will cover all different mechanisms for reducing the scope of the PCI environment, including:
• Network Segmentation vs. Isolation
• Tokenization
• Redaction
• Outsourcing (avoidance)
Each technique will be discussed in detail, including real-world examples of effective implementation. Additionally, since the network segmentation vs. network isolation caused so much confusion during the conference, this topic will be discussed in detail, and include specific examples of common mistakes as well as effective scope reduction techniques.
PCI DSS Scope reduction benefits all types and sizes of organizations, and should be reviewed for opportunities for further reduction every year. This presentation will provide the information necessary to perform this review.
- How to reduce PCI scope to the minimum necessary
- Understand differences and impact between network segmentation and isolation
- Learn to avoid common PCI scope reduction mistakes
About Yan Kravchenko
Yan Kravchenko is passionate about finding ways for organizations to balance their business objectives with the ever-growing cybersecurity and regulatory challenges. Today, Kravchenko is focused on one of the latest frontiers in the field of security: application security. In this role, he is creating innovative tools and services for complex enterprises to understand their application security risks and optimize their security investments. In dealing with the ever-changing cybersecurity threat landscape, he brings the ability to interpret and apply technical, legal and business information to enable his clients to make informed decisions.
Over the past 20+ years, Kravchenko has worked through many IT and security evolutionary trends, learning different ways to evaluate, understand and remediate cybersecurity risks.
