PCI-DSS Training


About PCI DSS training

The Advanced PCI DSS Training Course targets security professionals with a business or technical background who are responsible for managing the project aspects of a compliance program or for implementing the technical elements contained within the PCI DSS. The course's Training Manual has been developed from the PCI Security Standards Council manual that serves as the basis for QSA (Qualified Security Assessor) training, and it fully covers all topics included on the QSA and ISA certification exams.

Course Content:

Overview of the PCI DSS

  • Understanding Security
  • DSS Lifecycle Process
  • Requirements versus Frameworks
  • Security Breaches Overview & Vulnerability Experiences
    • Current statistics and examples
    • Impact of Data Compromises and Increasing Risk to Cardholder Data
    • Compromise Case Study Examples
  • PCI DSS and related standards
    • DSS Objectives
    • Relationship to Industry Standards
    • Compliance & Validation – key differences
    • Payment Application Scope
  • PCI DSS Applicability and Scoping
    • Important Cardholder Data concepts
    • PCI DSS Scoping Statement
    • Network Segmentation, Scoping examples
  • Compliance Validation Process
    • What is PSR/AIS
    • Compliance and Validation Levels
    • Compliance versus Validation
    • Overview of Scoping, Sampling and Compensating Controls
  • PSR/AIS Compliance Programs
    • Security Initiatives & Industry Collaboration
    • Merchant Levels and Validation Requirements
  • Industry Players & Transaction Lifecycle
    • Important Definitions – Entities involved
    • Important Definitions – Transaction Flow
    • Transaction Flow – Authorization, Clearing, Settlement
  • Cardholder Data, Finding and Eliminating Sensitive Authentication Data
    • CVV vs CVV2
    • Track 1 vs Track 2 Data
    • Full Track or Magnetic Stripe Track Data Characteristics and Guidelines for Searching
    • MOD-10 (The Luhn Formula)
    • The PCI PIN Transaction Security Program
  • Compensating Controls
    • Definition, Myths, Facts
    • Successfully Applying Compensating Controls
    • Analysing Risk
    • Case Study Scenario and Discussion
  • PCI SSC Quality Assurance Program
    • Program Intent & Lifecycle
    • QA Scoring Matrix
    • Program Feedback and Violations Investigation
  • Approved Scanning Vendors (ASVs)
    • What is an ASV
    • Pass and Fail ASV Certification Criteria
    • Common Vulnerability Scoring System (CVSS)
    • Scan Report Analysis
  • New Standards and Emerging Technologies
    • Data Field Encryption / E2EE / P2PE
    • Wireless Network Guidelines
    • Virtualization & Cloud Computing
    • Tokenization
  • Call Centre Environments
    • Desktop Environment Scope
    • Call Recordings – SAD Data
  • Risk Assessments
    • What is a Risk Assessment with regards to PCI DSS
    • Risk Assessment Drivers
    • Risk Assessment Methodologies
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and CHD
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

Duration: 16 Hrs
Delivery Mode: Online
Includes: Course slides
Schedule date: 5 & 6-Sep-2020
Live from JC Shield Cyber Studio
Course Code: JCCPCIDSS091EX

PCI DSS Training Details

  • Duration: 16 hours
  • Includes: Course Material (Trainer's slides)
  • Mode of course delivery: Online

Prerequisites

  • Elementary knowledge of Cyber Security & Risk Assessment

Duration:

  • 2 days

Upon Completion:

  • Control costs and gain tangible, real-world insights on best practices.
  • Understand PCI compliance before you go through an assessment.
  • Apply PCI DSS security principles across your business.
  • Completion of this course may help satisfy PCI DSS Requirement 12.6 for general security.

JC Shield, A Division of JC Ventures

Introduction

  1. Understanding Security
  2. DSS Lifecycle Process
  3. Requirements versus Frameworks
  4. Security Breaches Overview & Vulnerability Experiences
    • Current statistics and examples
    • Impact of Data Compromises and Increasing Risk to Cardholder Data
    • Compromise Case Study Examples
  5. PCI DSS and related standards
    • DSS Objectives
    • Relationship to Industry Standards
    • Compliance & Validation – key differences
    • Payment Application Scope
  6. Compliance Validation Process
    • What is PSR/AIS
    • Compliance and Validation Levels
    • Compliance versus Validation
    • Overview of Scoping, Sampling and Compensating Controls
  7. PSR/AIS Compliance Programs
    • Security Initiatives & Industry Collaboration
    • Merchant Levels and Validation Requirements
  8. Industry Players & Transaction Lifecycle
    • Important Definitions – Entities involved
  9. Cardholder Data, Finding and Eliminating Sensitive Authentication Data
    • CVV vs CVV2
    • Track 1 vs Track 2 Data
    • Full Track or Magnetic Stripe Track Data Characteristics and Guidelines for Searching
    • MOD-10 (The Luhn Formula)
    • The PCI PIN Transaction Security Program
  10. Compensating Controls
    • Definition, Myths, Facts
    • Successfully Applying Compensating Controls
    • Analysing Risk
    • Case Study Scenario and Discussion

Section 2

  1. PCI SSC Quality Assurance Program
  2. Approved Scanning Vendors (ASVs)
  3. New Standards and Emerging Technologies
  4. Call Centre Environments
  5. Risk Assessments
  6. Install and maintain a firewall configuration to protect cardholder data
  7. Do not use vendor-supplied defaults for system passwords and other security parameters
  8. Protect stored cardholder data
  9. Encrypt transmission of cardholder data across open, public networks
  10. Use and regularly update anti-virus software
  11. Develop and maintain secure systems and applications
  12. Restrict access to cardholder data by business need-to-know
  13. Assign a unique ID to each person with computer access
  14. Restrict physical access to cardholder data
  15. Track and monitor all access to network resources and CHD
  16. Regularly test security systems and processes
  17. Maintain a policy that addresses information security
