PCI DSS
Certified Payment Industry Data Security Implementer (CPI DSI)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of focused, comprehensive controls for managing the risks surrounding payment card transactions, particularly those conducted over the Internet. This course is designed to let organizations exercise due care by performing internal validations through a repeatable, objective process. While the course covers all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured.

Who should attend?
- Managers overseeing PCI/DSS compliance
- External auditors performing PCI/DSS validation
- Security professionals operating in a PCI/DSS compliant environment
- Internal auditors desiring to validate interim compliance
- IT staff, project managers and risk managers
- Legal staff, sales engineers and others who deal with confidential data
- Professionals from various industry verticals such as banks, IT, telecommunications, etc.

Why should you attend?
Upon completing this course, delegates will be able to:
- Understand the requirements of Payment Card Industry’s Data Security Standard (PCI DSS) in depth
- Understand the implementation challenges
- Understand the process flow of the payment card industry

Benefits
- This certification provides formal recognition to the professional and demonstrates proficiency in payment card industry data security implementation
- Certification will be awarded by the Institute of Information Security
- We provide 21 CPE credits for CISA/CISSP/CISM
- This certification provides significant value-addition to your career
- A very strong emphasis is placed on case studies and examples from the industry

Course Contents
The course covers the following topics:

Session One – Introduction to PCI DSS V 1.24.2
- Module 1: What is PCI DSS?
- Module 2: Who are the 'Participating Organizations'?
- Module 3: Who must comply with PCI DSS?
- Module 4: Why one must comply with PCI DSS?
- Module 5: What are the risks and consequences of non-compliance?

Session Two – PCI DSS Implementation Initiatives – An Overview

Session Three – Identifying business information flow requirements

Session Four – Best practices for storage
- Module 6: What not to store
- Module 7: How to store what must be stored

Session Five – Compliance Process
- Module 8: Understanding the requirements of PCI DSS
  - Scope and overview of the 12 requirements of PCI DSS
  - Overview of the 14 requirements of PA DSS
  - Relation between PA DSS and PCI DSS
- Module 9: Understanding the differences between PCI DSS 1.1 and 1.2
- Module 10: Understanding 'Scoping'
- Module 11: Understanding the 'Self Assessment Questionnaire (SAQ)'
- Module 12: Understanding the Report on Compliance for PCI DSS
- Module 13: Understanding the overall Compliance Process

Session Six – Understanding PCI DSS requirements
- Module 14: Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Module 15: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Session Seven – Understanding PCI DSS requirements

Session Eight – Understanding PCI DSS requirements
- Module 19: Requirement 6: Develop and maintain secure systems and applications
- Module 20: Requirement 7: Restrict access to cardholder data by business need-to-know
- Module 21: Requirement 8: Assign a unique ID to each person with computer access

Session Nine – Understanding PCI DSS requirements

Session Ten – Understanding PCI DSS requirements
- Module 24: Requirement 11: Regularly test security systems and processes
- Module 25: Requirement 12: Maintain a policy that addresses information security
(Note: All sessions will have the required case studies, hands-on exercises and interactive sessions using available tools as and when the topic warrants)

Session Eleven – Guidelines on PCI DSS Auditing practices