Thursday, May 16 • 2:10pm - 3:00pm
Why Companies Fail PCI DSS Assessments and What to Do About It

Having performed hundreds of PCI DSS assessments as a PCI QSA (Qualified Security Assessor) and signed just as many Attestations of Compliance (AOCs), we have identified common reasons why companies fail PCI DSS assessments. Some are technical in nature, but a significant number of them come down to the ever-present question of scope. All of these have ramifications for the effectiveness of controls, but the clock is what is most affected. Every PCI DSS assessment has a deadline, and with Visa’s mandate for service providers to have the Report of Compliance (ROC) completed and the AOC submitted a month before the due date for listing in the Visa Global Registry of Service Providers, the PCI DSS assessment needs more attention than in the past.

This session will cover the top reasons why companies fail PCI DSS assessments. We will cover technical challenges, scope questions, delays in evidence gathering, review of control effectiveness, and AOC submissions. We will also cover a recommended approach to maintaining compliance through the next annual PCI DSS assessment. This session assumes participants have a working knowledge of the PCI DSS assessment process.

Miguel (Mike) O. Villegas

Senior Vice President, K3DES LLC
Miguel (Mike) O. Villegas is a Senior Vice President for K3DES LLC. He performs and QAs PCI-DSS and PA-DSS assessments for K3DES clients. He also manages the K3DES ISO/IEC 27002:2013 program. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike...

Thursday May 16, 2019 2:10pm - 3:00pm PDT
Club Room