PCI DSS - Payment Card Industry Data Security Standards

The Implementers course is aimed at organisations currently undertaking or about to start PCI compliance, and at professionals looking to get into this area of consulting. It aims to give them an in-depth understanding of PCI DSS and to assist those organisations in becoming compliant!

The course also covers a number of areas of PCI DSS not normally covered in other courses, such as scoping, segmentation tips, advice on the auditing process and how PCI compliance affects the business.

Learning Objectives

The aim of this course is to give the delegate an in-depth understanding of PCI DSS and to assist those organisations in becoming compliant!

Pre-Requisites

This course is designed for individuals who are responsible for ensuring that their organisation becomes fully compliant with the technical and business requirements of the PCI DSS standard. The course would also benefit external consultants seeking to provide PCI implementation advice to their respective client organisations.

Course Content

Module 1:

Security Breaches Overview & Vulnerability Experiences
Structure & Relationships
Impact of Data Compromises and Increasing Risk to Cardholder Data
Compromise Case Study Examples

Module 2:

Overview of the PCI DSS and AIS
PCI DSS Objectives
Relationship to Industry Standards
Compliance & Validation – key differences

Module 3:

Compliance Validation Process
What is AIS Compliance and Validation Levels
New Self-Assessment Questionnaires
Overview of Scoping, Sampling and Compensating Controls

Module 4:

Requirements for Payment Applications
Payment Application Scope
Guidelines for Payment Application Security Strategy
Payment Application Mandates

Module 5:

Cardholder Data, Finding and Eliminating Sensitive Authentication Data
CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe
Track Data Characteristics and Guidelines for Searching, MOD-10
The PCI PIN Transaction Security Program

Module 6:

PCI DSS Applicability and Scoping
Important Cardholder Data concepts
PCI DSS Scoping Statement
Network Segmentation, Scoping examples

Module 7:

Compensating Controls
Definition, Myths, Facts
Successfully Applying Compensating Controls, Analysing Risk
Case Study Scenario and Discussion

Module 8:

New Standards and Emerging Technologies
PIN Transaction Security
Data Field / End to End Encryption
New Wireless Guidelines
Virtualization & Cloud Computing
Tokenization

Module 9:

A detailed explanation of PCI DSS Requirements (above) and Audit Guidelines including the 12 Sections and related sub requirements including:

Firewall configuration Standards Settings
Network Segmentation and Firewall Rules
Vendor Defaults and Admin Access
System Configuration Standards
Cardholder Data Retention
Protecting Stored Data
Encrypting Cardholder Data
Encryption Key Management
Encrypting Sensitive Data over Public Networks
Using and updating anti-virus software principles
Updated Wireless Guidelines, End to End Encryption
Patch management and change control
Software Development Controls
Secure Software Development
Web-facing Applications
End to End (E2E) encryption
Restricting access to cardholder data
Unique User Ids
Two-Factor Authentication
User Authentication
Restricting physical access to cardholder data
Maintaining Information Security policies
Employee Acceptable Use Policy
Information Security Management Responsibilities
Employee Education and Screening
Service Provider Requirements
Incident Response Planning
Virtualization, tokenization, Cloud computing
Logging Access to Cardholder Data
Monitoring Access to Cardholder Data
Vulnerability Scans and Penetration Testing
IDS and FIM
