0345 4506120

PCI-DSS Fundamentals

Special Notices

This course, updated for 2018, is now aligned to the PCI Security Standards Council PCI-P exam syllabus.

This two-day fundamentals course, fully updated for the recently released PCI DSS v3.2.1 standard, provides a comprehensive introduction to the PCI DSS, and provides practical coverage of all aspects of implementing a Payment Card Industry Security Standard (PCI DSS) compliance programme.

Learning Objectives

Delegates will learn:

  •   The purpose of the PCI DSS and the requirement for protection of cardholder data.
  •   PCI DSS objectives and intent. Related PCI standards and programmes.
  •   How PCI DSS compliance is enforced by the payment brands
  •   Compliance needs for merchants and service providers
  •   Explanation of the different levels
  •   How compliance must be reported by merchants and service providers
  •   The 12 standard requirements
  •   Scoping and applicability of the PCI DSS
  •   Technical Implementation of the requirements
  •   Project management
  •   Maintaining compliance
  •   Additional considerations for: call centres, encryption, software development, mobile payments, skimming

Pre-Requisites

There are no pre-requisites. However, we recommend that all delegates read the Payment Card Industry Data Security Standard (PCI DSS) document downloadable from the PCI SSC website.

We further recommend that delegates familiarise themselves with standard, so that they come armed with questions about the control groups, and how they may be applied to their organisation.

Course Content

Day 1

Module 1: Overview of the PCI DSS Understanding Security DSS Lifecycle Process Requirements versus Frameworks

Module 2: Security Breaches Overview & Vulnerability Experiences Current statistics and examples Impact of Data Compromises and Increasing Risk to Cardholder Data Compromise Case Study Examples

Module 3: PCI DSS and related standards DSS Objectives Relationship to Industry Standards Compliance & Validation - key differences Payment Application Scope

Module 4: PCI DSS Applicability and Scoping Important Cardholder Data concepts PCI DSS Scoping Statement Network Segmentation, Scoping examples

Module 5: Compliance Validation Process What is PSR/AIS Compliance and Validation Levels Compliance versus Validation Overview of Scoping, Sampling and Compensating Controls

Module 6: PSR/AIS Compliance Programs Security Initiatives & Industry Collaboration Merchant Levels and Validation Requirements

Module 7: Industry Players & Transaction Lifecycle Important Definitions - Entities involved Important Definitions - Transaction Flow Transaction Flow - Authorisation, Clearing, Settlement

Module 8: Cardholder Data, Finding and Eliminating Sensitive Authentication Data

Module 9: Compensating Controls Definition, Myths, Facts Successfully Applying Compensating Controls, Analysing Risk Case Study Scenario and Discussion

Module 10: PCI SSC Quality Assurance Program Intent & Lifecycle Scoring Matrix Program Feedback and Violations Investigation

Module 11: Approved Scanning Vendors (ASVs) What is an ASV, Pass and Fail ASV Certification Criteria Common Vulnerability Scoring System (CVSS) Scan Report Analysis 15:00: Refreshments & Networking

Module 12: New Standards and Emerging Technologies 12.1 Data Field Encryption / E2EE / P2PE 12.2 Wireless Network Guidelines 12.3 Virtualisation & Cloud Computing 12.4 Tokenisation

Module 13: Call Centre Environments 13.1 Desktop Environment Scope 13.2 Call Recordings - SAD Data

Module 14: Risk Assessments What is a Risk Assessment with regards to PCI DSS Risk Assessment Drivers Risk Assessment Methodologies

Day 2:

PCI Data Security Standard Requirements In-depth. Detailed explanations of PCI DSS Requirements and Audit Guidelines for all 6 Domains, containing the 12 Sections and related sub requirements including:

PCI DSS Section 1 - Install and maintain a firewall configuration to protect cardholder data

PCI DSS Section 2 - Do not use vendor-supplied defaults for system passwords and other security parameters

PCI DSS Section 3 - Protect stored cardholder data

PCI DSS Section 4 - Encrypt transmission of cardholder data across open, public networks

PCI DSS Section 5 - Use and regularly update anti-virus software

PCI DSS Section 6 - Develop and maintain secure systems and applications

PCI DSS Section 7 - Restrict access to cardholder data by business need-to-know

PCI DSS Section 8 - Assign a unique ID to each person with computer access

PCI DSS Section 9 - Restrict physical access to cardholder data

PCI DSS Section 10 - Track and monitor all access to network resources and CHD

PCI DSS Section 11 - Regularly test security systems and processes

PCI DSS Section 12 - Maintain a policy that addresses information security

Exams & Certification

This course, updated for 2018, is now aligned to the PCI Security Standards Council PCI-P exam syllabus. The exam cost and voucher is not included in the course, delegates wishing to take this exam should book this exam independently via the PCI Security Council Standard website.

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include