• Things to consider when implementing virtualization in a PCI environment
• Insight into possible changes in the PCI DSS to address virtualization
• How to approach ensuring that existing virtualization efforts meet PCI DSS requirements
• Potential security issues that arise in virtualized environments and how to avoid them
• The difference between snapshots and backups and where each is appropriate

Why Should You Attend:To be really efficient with virtualization many organizations run multiple functions on a single piece of hardware, which appears to be in conflict with the PCI Data Security Standard.  And because the PCI Security Standards Council (SSC) has not published any guidelines on virtualization, the assessment determinations are left up to individual Qualified Security Assessors (QSAs) This situation puts a lot of stress on organizations wanting to modernize their systems and on the QSAs who may be pressured to validate compliance of those systems.  Should organizations move forward with virtualized environments?  What are the risks of moving forward before virtualization guidelines are published?

Areas Covered in the Session:

• What to consider when implementing virtualization
  
• Likely changes to the PCI DSS to address virtualization
  
• Assessing controls in virtualized environments
  
• Avoiding security issues in virtualized environments
  
• Backups of virtualized systems 
• Virtualized environment segmentation
  
• Best practices for security hardening of a virtualized environment

Who Will Benefit:

• Chief Audit Officer (CAO)
  
• Chief Information Officer (CIO)
  
• Chief Information Security Officer (CISO)
  
• IT Management
  
• Internal Audit Departments
  
• Compliance Managers
  
• Project Managers