Free Admission for ISACA members

With increasing awareness and concern over privacy and identity theft, in 2001, Visa International launched their Cardholder Information Security Programme (CISP). Visa was the first payment card organisation to mandate security safeguards and compliance to its merchants and service providers, for protecting any personally identifiable payment card data that could be associated with a cardholder (cardholder data). Unlike the requirements stipulated by SOX regulations, the Visa standard has a greater technical depth focused on the payment card processing environment. The CISP (also known as the 12 Step Programme or the Digital Dozen), calls for a detailed security analysis of systems that process, store, or transmit cardholder data.

Eventually, other major payment card companies became more involved in protection of cardholder data and with minor modifications, adopted the Visa CISP for their merchants and service providers. In late 2006, to better align the security standards with overall industry requirements, ownership of the standards was transferred to a new independent body, known as the “Payment Card Industry Security Standards Council, LLC” (PCI SSC). In this seminar, Alex will share with you a risk based approach to Payment Card Industry Data Security Standard (PCI DSS).

AlexisaManagerwiththeRiskandControlsSolutions(RCS)practiceofPricewaterhouseCoopersinHongKong.Hehasmorethan8yearsofITcontrolsandITsecurityexperience.AlexhaspreviouslyworkedforMinistry  ofDefenseSingapore,PricewaterhouseCoopersSingapore,VisaWorldwidePrivateLimitedandStellentServicesCorporationandtheindustryexperiencesincludesOnlineGaming,FinancialandBanking,SingaporeGovernmentandStatutory  bodies,TechnologyCompany,ManufacturingCompany,TradingSector,AviationCompany,SoftwareCompany,ConsumerElectronicsCompany,TelecommunicationCompanyandLogisticsCompany.

Alex’sexperiencesinbusinessprocessesandhistechnicalbackgroundhasenabledhimtocommunicatethetechnicalissueseffectivelytobusinessusers.Hiskeyrelevantexperiencesinclude:

• HeadtheAuditandCompliance,PaymentSecurityServicesforVisaAsiaPacificresponsibleforreviewingthesecurityofthebanksmobilepaymentoperationsandOver-The-Air(OTA)personalizationservices.
• RepresentedVisaAsiaPacificinthedevelopmentofPaymentCardIndustryDataSecurityStandard(PCIDSS).
• ProvidedadvisoryservicestobanksandfinancialinstitutionsontheirpaymentrelatedprojectsandPaymentCardIndustryDataSecurityStandards
• ReviewedVisaMembersagainstVisacompliancerequirementssuchPCIDSS,VisaPINSecurityStandard

• ReviewedandapprovedCardVendorsforusebyVisaMembersinAsiaPacific

• Revised the Line Encryption best practices for Visa and reviewed an implementation for a bank in Thailand
• Conducted investigations on various payment providers due to credit card number breaches
  
• Participated in Visa Risk Advisor Meetings to discuss various payment security issues and new initiatives
• Participated in various IT controls assurance assignments and IT security reviews pertaining to operating systems, applications, network components and architecture during his tenure with PricewaterhouseCoopers Singapore.
• Conducted penetration testing and independent security reviews on the network architecture of the new inter-bank payment system (i.e. system, network devices and SWIFT Security)of the new MAS Electronic Payments System Plus(MEPS+) for Monetary Authority of Singapore.
  
  

Qualifications:

• BachelorofComputingScience2^ndUpperClassHonors,CoventryUniversity
• CertifiedInformationSystemsAuditor(CISA)
• CertifiedInformationSystemsSecurityProfessional(CISSP)
• CertifiedOpenSourceSecurityTestingMethodologyManualSecurityTester(OPST)                                                                                                                                        
  

Fees:       HKICPA/HKCS/CGA/ITAA Member    : HK $50   

Non Member                             : HK$100

• Please reserve your place by filling in the Reservation Reply below and emailing back to ao@isaca.org.hk on or before 5pm on Monday, 13 June 2011.For enquiry, please contact our Administration Officer at (+852) 3568 5438.

I would like to attend the seminar “A Risk based Approach to Payment Card Industry Data Security Standard (PCI DSS) (Conducted in English)” on Tuesday, 14 June 2011.

1.           Please note that all personal data collected will only be used for this enrollment and administration purposes. They will not be disclosed by the ISACA China Hong Kong Chapter (“the Chapter) to any party outside the Chapter except as notified to you at the time of collection, or with your prior consent. For details of Chapter Privacy Policy, please visit www.isaca.org.hk/cms/content/view/108/54/.

2.           The Chapter reserves the right to change the event details at any time in circumstances beyond our control. In case of such changes, the details will be announced at the chapter websites (www.isaca.org.hk and www.isaca-china.org ).

Please post to