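atsec will attend the Payment Card Industry Security Standards Council (PCI SSC) Asia-Pacific Community Meeting in Hanoi, Vietnam, on November 20 and 21, 2024, and will host a booth as in previous years.
At the meeting, atsec senior consultants Liu Yan (刘岩) and Shen Guohua (沈国华) will give a presentation titled "New vs. New: Exploring PCI DSS v4.0 and ISO/IEC 27001:2022".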
In 2022, PCI DSS and ISO/IEC 27001 released their latest versions. For many organizations that are simultaneously implementing the two standards, integrating these requirements has become a new challenge. We will provide a high-level comparison analysis for the two standards and explore how to merge the requirements into the organization’s own and unified Information Security Management System (ISMS). The concepts related to Customized Approach, risk assessment, nonconformity and corrective action will be discussed. The authors will share the experience on how assessed entities have been compliant with both the new standards in recent years.

The promotional video released by PCI SSC is available at the following links: Youtu, atsec official website