PCI-DSS Practitioner

Focus on Training
Course summary
2 days
805 GBP excl. VAT
Manchester
Open / Scheduled

Course description

This two-day course, fully updated for the recently released PCI DSS v3.2 standard, provides a comprehensive introduction to the PCI DSS and practical coverage of all aspects of implementing a Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

Suitability - Who should attend?

Pre-Requisites

There are no pre-requisites.

However, we recommend that all participants read the Payment Card Industry Data Security Standard (PCI DSS) document downloadable from the PCI SSC website.

We further recommend that participants familiarise themselves with the standard, so that they come armed with questions about the control groups and how they may be applied to their organisation.

Training Course Content

Day 1

Module 1:

  • Overview of the PCI DSS Understanding Security DSS Lifecycle Process Requirements versus Frameworks

Module 2:

  • Security Breaches Overview & Vulnerability Experiences Current statistics and examples Impact of Data Compromises and Increasing Risk to Cardholder Data Compromise Case Study Examples

Module 3:

  • PCI DSS and related standards
      • DSS Objectives
      • Relationship to Industry Standards
      • Compliance & Validation - key differences
      • Payment Application Scope

Module 4:

  • PCI DSS Applicability and Scoping
      • Important Cardholder Data concepts
      • PCI DSS Scoping Statement
      • Network Segmentation, Scoping examples

Module 5:

  • Compliance Validation Process
      • What is PSR/AIS
      • Compliance and Validation Levels
      • Compliance versus Validation
      • Overview of Scoping, Sampling and Compensating Controls

Module 6:

  • PSR/AIS Compliance Programs
      • Security Initiatives & Industry Collaboration
      • Merchant Levels and Validation Requirements

Module 7:

  • Industry Players & Transaction Lifecycle
      • Important Definitions - Entities involved
      • Important Definitions - Transaction Flow
      • Transaction Flow - Authorisation, Clearing, Settlement

Module 8:

  • Cardholder Data, Finding and Eliminating Sensitive Authentication Data

Module 9:

  • Compensating Controls
      • Definition, Myths, Facts
      • Successfully Applying Compensating Controls, Analysing Risk
      • Case Study Scenario and Discussion

Module 10:

  • PCI SSC Quality Assurance Program
      • Intent & Lifecycle
      • QA Scoring Matrix
      • Program Feedback and Violations Investigation

Module 11:

  • Approved Scanning Vendors (ASVs) What is an ASV, Pass and Fail ASV Certification Criteria Common Vulnerability Scoring System (CVSS) Scan Report Analysis
  • 15:00: Refreshments & Networking

Module 12:

  • New Standards and Emerging Technologies
      • 12.1 Data Field Encryption / E2EE / P2PE
      • 12.2 Wireless Network Guidelines
      • 12.3 Virtualisation & Cloud Computing
      • 12.4 Tokenisation

Module 13:

  • Call Centre Environments
      • 13.1 Desktop Environment Scope
      • 13.2 Call Recordings - SAD Data

Module 14:

  • Risk Assessments
      • What is a Risk Assessment with regards to PCI DSS
      • Risk Assessment Drivers
      • Risk Assessment Methodologies

Day 2:

PCI Data Security Standard Requirements In-depth.

Detailed explanations of PCI DSS Requirements and Audit Guidelines for all 6 Domains, containing the 12 Sections and related sub-requirements, including:

  • PCI DSS Section 1 - Install and maintain a firewall configuration to protect cardholder data
  • PCI DSS Section 2 - Do not use vendor-supplied defaults for system passwords and other security parameters
  • PCI DSS Section 3 - Protect stored cardholder data
  • PCI DSS Section 4 - Encrypt transmission of cardholder data across open, public networks
  • PCI DSS Section 5 - Use and regularly update anti-virus software
  • PCI DSS Section 6 - Develop and maintain secure systems and applications
  • PCI DSS Section 7 - Restrict access to cardholder data by business need-to-know
  • PCI DSS Section 8 - Assign a unique ID to each person with computer access
  • PCI DSS Section 9 - Restrict physical access to cardholder data
  • PCI DSS Section 10 - Track and monitor all access to network resources and CHD
  • PCI DSS Section 11 - Regularly test security systems and processes
  • PCI DSS Section 12 - Maintain a policy that addresses information security

About provider

Focus on Training

Focus on Training: Best Practice Skills from the Specialists

Focus on Training is a professional training company specialising in offering accredited Project Management and IT programmes. With over 10,000 courses offered in over 100 locations throughout the United Kingdom, Focus is a premier training provider. All programmes can be booked online...



Contact info

Focus on Training

Olympus House, Werrington Centre
PE4 6NA Peterborough

www.focus-on-training.co.uk

