[Owasp-cork] Cork Chapter Meeting: PCI DSS Pen Testing / IAM - Thursday, November 12, 2015

Fiona Collins fiona.collins at owasp.org
Thu Oct 29 13:06:46 UTC 2015


Hi all,

On Thursday November 12th we have two great speakers lined up for our next
chapter meeting. Both possess great experience in their respective areas, so
they can get across the information and answer your questions that might not
be so easy to find in the books. Stephen O'Boyle will talk about PCI DSS
(Payment Card Industry - Data Security Standard), the set of compliance
guidelines that you must adhere to if you store, transmit or process credit
card information. This will be followed up with Barry Mulcahy's valuable
information on management of identity and access to data across systems.

Also, thanks to the kind sponsorship from Espion on the night there will be
some food and drinks provided too. No doubt, this should be a great night :)

*Register here: http://www.meetup.com/OWASP-Cork/events/226255568/*

*Talk #1 - PCI DSS v3.1 Scanning and Penetration Testing*

Stephen will discuss the key changes in PCI DSS Version 3.1, examine
penetration testing methodology from the auditor’s point of view, and
explain how you can maintain compliance.

Key Takeaways will include

∙  PCI DSS Pentest / Scanning overview

∙  Migrating from V2 to V3.1

∙  Changes to penetration testing requirement 11.3

∙  Scanning vs pen testing

∙  What the auditor expects from pen testing

∙  Example methodology

*Speaker Bio:*

Stephen O’Boyle heads up Espion’s Professional Services team and has been a
PCI Qualified Security Assessor since 2008. He is an experienced
information security, risk and compliance consultant with over ten
years’ experience in information security in both domestic and
international markets. Stephen has extensive experience in performing PCI
audits / consultancy, information security & risk management assessments,
network / architecture security reviews, application security reviews,
penetration testing and assisting organisations in aligning their
information security posture to their business objectives. Stephen has
worked across a wide range of industry verticals, including government,
financial, education and technology.

*Talk #2 - Identity and Access Management (IAM)*

This talk will focus on Identity and Access Management (IAM), what it is
and how it fits into the security landscape. It will outline the lifecycle
of an identity (Hello new hire Alice!). How we move from having an identity
to having access. Some of the common pitfalls encountered during IAM
integration projects. Analytics techniques for IAM that smooth the
integration path, validate controls and provide valuable Business
Intelligence (BI) that are useful for process improvement and security
auditing. The talk will conclude by looking at some of the recent trends in
IAM and some pointers for the future.

*Speaker Bio:*

Barry P. Mulcahy received a B.Sc. in computer science from UCC in 2001 and
a Ph.D. in distributed security systems from UCC in 2008. His academic
experience involves R&D in distributed security systems with an emphasis on
data aggregation, analytics and workflows. While working in Waterford IT as
a security researcher he was involved in several large European FP7
projects including CoMiFin, EternalS and Aniketos. His commercial roles
include Identity and Access Management (IAM) Project Manager at
Onaware-Mycroft. This boutique IAM integration house catered primarily for
financial institutions. Barry is currently part of the Qualcomm Web
Authentication team, helping design and implement security controls for
authentication and authorization in Qualcomm’s global IT infrastructure.

https://ie.linkedin.com/in/barrymulcahy

*Afterwards ...*

We *might* have a few sneaky pints afterwards, and you are all welcome to
join us.

We are having the talks in Cashman's Bar on Academy Street so we will stay
on there.

Regards,

Darren & Fiona (OWASP Cork Team)