Overview
This two-day fundamentals course, fully updated for the recently released PCI DSS v3.2.1 standard, gives a comprehensive introduction to the PCI DSS and practical coverage of all aspects of implementing a Payment Card Industry Data Security Standard (PCI DSS) compliance programme.
Skills Gained
Delegates will learn:
Prerequisites
There are no prerequisites. However, we recommend that all delegates read the Payment Card Industry Data Security Standard (PCI DSS) document, downloadable from the PCI SSC website.
We further recommend that delegates familiarise themselves with the standard, so that they come armed with questions about the control groups and how these may be applied to their organisation.
Outline
Overview of the PCI DSS
- Understanding Security
- DSS Lifecycle Process
- Requirements versus Frameworks
Security Breaches Overview & Vulnerability Experiences
- Current statistics and examples
- Impact of Data Compromises and Increasing Risk to Cardholder Data
- Compromise Case Study Examples
PCI DSS and Related Standards
- DSS Objectives
- Relationship to Industry Standards
- Compliance & Validation - key differences
- Payment Application Scope
PCI DSS Applicability and Scoping
- Important Cardholder Data concepts
- PCI DSS Scoping Statement
- Network Segmentation, Scoping examples
Compliance Validation Process
- What is PSR/AIS
- Compliance and Validation Levels
- Compliance versus Validation
- Overview of Scoping, Sampling and Compensating Controls
PSR/AIS Compliance Programs
- Security Initiatives & Industry Collaboration
- Merchant Levels and Validation Requirements
Industry Players & Transaction Lifecycle
- Important Definitions - Entities involved
- Important Definitions - Transaction Flow
- Transaction Flow - Authorisation, Clearing, Settlement
Cardholder Data
- Finding and Eliminating Sensitive Authentication Data
Compensating Controls
- Definition, Myths, Facts
- Successfully Applying Compensating Controls, Analysing Risk
- Case Study Scenario and Discussion
PCI SSC Quality Assurance Program
- Intent & Lifecycle
- Scoring Matrix
- Program Feedback and Violations Investigation
Approved Scanning Vendors (ASVs)
- What is an ASV, Pass and Fail
- ASV Certification Criteria
- Common Vulnerability Scoring System (CVSS)
- Scan Report Analysis
New Standards and Emerging Technologies
- 12.1 Data Field Encryption / E2EE / P2PE
- 12.2 Wireless Network Guidelines
- 12.3 Virtualisation & Cloud Computing
- 12.4 Tokenisation
Call Centre Environments
- 13.1 Desktop Environment Scope
- 13.2 Call Recordings - SAD Data
Risk Assessments
- What is a Risk Assessment with regards to PCI DSS
- Risk Assessment Drivers
- Risk Assessment Methodologies
PCI Data Security Standard Requirements In-depth: detailed explanations of the PCI DSS requirements and audit guidelines for all 6 domains, covering the 12 sections and their related sub-requirements, including:
Exam
This course, updated for 2018, is now aligned to the PCI Security Standards Council PCI-P exam syllabus. The exam cost and voucher are not included in the course; delegates wishing to take this exam should book it independently via the PCI Security Standards Council website.
If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives, and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.
Submit an enquiry from any page on this site and let us know in the requirements box that you are interested, or simply mention it when we contact you.
All $ prices are in USD unless it’s a NZ or AU date
SPVC = Self Paced Virtual Class
LVC = Live Virtual Class
Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.