PCI-DSS Practitioner

Day 1

• Module 1: Overview of the PCI DSS Understanding Security DSS Lifecycle Process Requirements versus Frameworks
• Module 2: Security Breaches Overview & Vulnerability Experiences Current statistics and examples Impact of Data Compromises and Increasing Risk to Cardholder Data Compromise Case Study Examples
• Module 3: PCI DSS and related standards DSS Objectives Relationship to Industry Standards Compliance & Validation - key differences Payment Application Scope
• Module 4: PCI DSS Applicability and Scoping Important Cardholder Data concepts PCI DSS Scoping Statement Network Segmentation, Scoping examples
• Module 5: Compliance Validation Process What is PSR/AIS Compliance and Validation Levels Compliance versus Validation Overview of Scoping, Sampling and Compensating Controls
• Module 6: PSR/AIS Compliance Programs Security Initiatives & Industry Collaboration Merchant Levels and Validation Requirements
• Module 7: Industry Players & Transaction Lifecycle Important Definitions - Entities involved Important Definitions - Transaction Flow Transaction Flow - Authorisation, Clearing, Settlement
• Module 8: Cardholder Data, Finding and Eliminating Sensitive Authentication Data
• Module 9: Compensating Controls Definition, Myths, Facts Successfully Applying Compensating Controls, Analysing Risk Case Study Scenario and Discussion
• Module 10: PCI SSC Quality Assurance Program Intent & Lifecycle QA Scoring Matrix Program Feedback and Violations Investigation
• Module 11: Approved Scanning Vendors (ASVs) What is an ASV, Pass and Fail ASV Certification Criteria Common Vulnerability Scoring System (CVSS) Scan Report Analysis 15:00: Refreshments & Networking
• Module 12: New Standards and Emerging Technologies 12.1 Data Field Encryption / E2EE / P2PE 12.2 Wireless Network Guidelines 12.3 Virtualisation & Cloud Computing 12.4 Tokenisation
• Module 13: Call Centre Environments 13.1 Desktop Environment Scope 13.2 Call Recordings - SAD Data
• Module 14: Risk Assessments What is a Risk Assessment with regards to PCI DSS Risk Assessment Drivers Risk Assessment Methodologies

Day 2:

PCI Data Security Standard Requirements In-depth. Detailed explanations of PCI DSS Requirements and Audit Guidelines for all 6 Domains, containing the 12 Sections and related sub requirements including:

• PCI DSS Section 1 - Install and maintain a firewall configuration to protect cardholder data
• PCI DSS Section 2 - Do not use vendor-supplied defaults for system passwords and other security parameters
• PCI DSS Section 3 - Protect stored cardholder data
• PCI DSS Section 4 - Encrypt transmission of cardholder data across open, public networks
• PCI DSS Section 5 - Use and regularly update anti-virus software
• PCI DSS Section 6 - Develop and maintain secure systems and applications
• PCI DSS Section 7 - Restrict access to cardholder data by business need-to-know
• PCI DSS Section 8 - Assign a unique ID to each person with computer access
• PCI DSS Section 9 - Restrict physical access to cardholder data
• PCI DSS Section 10 - Track and monitor all access to network resources and CHD
• PCI DSS Section 11 - Regularly test security systems and processes
• PCI DSS Section 12 - Maintain a policy that addresses information security