PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION


www.isocertificationtrainingcourse.org registrar@isocertificationtrainingcourse.org

PCI DSS Implementation Training

PCI DSS Implementation Training Course Features

PCI DSS, PA DSS and PTS are now considered the de facto payment card industry standards. All institutions or entities that store, process or transmit cardholder data are subject to compliance with these constantly evolving standards. Many organisations have achieved compliance, while others are making significant progress towards it, not without challenges. Organisations still face the significant challenge of interpreting and applying this evolving set of standards and of ensuring that compliance is maintained at all times, but more importantly of addressing risk mitigation measures as threats evolve.

The PCI DSS Implementation Training is designed for card payments and IT specialists focused on managing and implementing all aspects of PCI compliance controls within their organisations. The training covers PCI DSS from an implementation perspective; guidelines on PA DSS and PTS are also covered, as well as additional best practices such as vulnerability assessment and secure software development. Delegates who attend this course will find answers to many pressing questions and are equipped with clear and practical guidance that helps save effort, time and money.

PCI DSS Implementation Training Objectives

● Learn how to reduce your QSA costs and gain more control over the project;


● Learn about key aspects of managing and maintaining compliance, such as change control and continuous compliance monitoring;
● Gain an in-depth understanding of the PCI DSS standard and its relation to other PCI standards such as PCI PTS and PA DSS;
● Find out about open source and commercial tools that help implement controls and secure systems.

Who Should Attend PCI DSS Implementation Training

The training session focuses on technical issues; see the agenda for a full overview. It is suitable for those concerned with coordinating, managing and/or implementing PCI compliance within their organisation, namely:
● CSOs, CIOs, CISOs, System Security Executives, Software Developers
● Incident Response Teams, PCI Project Managers
● Information Security Managers, Compliance Managers
● IT Audit, Payment Cards, Payment Systems or similar

Overview of Contents of PCI DSS Implementation Training

Security Breaches Overview & Vulnerability Experiences
● Impact of Data Compromises and Increasing Risk to Cardholder Data
● Compromise Examples
● Compromise Discussion

PCI DSS and Other Standards
● Intent of PCI DSS
● Relationship to Industry Standards such as ISO 27001
● Understanding Key Concepts: Compliance & Validation
● Validation Levels and Differences between Card Brands
● Compliance & Validation Exercise

Securing Payment Applications
● Payment Application DSS Scope & Requirements
● Application Security and Industry Guidelines (OWASP)
● Application Compromise Demonstration

PIN Transaction Security (PTS)
● PTS Scope
● PIN Management

PCI DSS Requirements explanation, including the 12 sections and sub-requirements as well as practical examples; topics include:
● Firewall Configuration Standards and Settings
● Network Segmentation and Firewall Rules
● Vendor Defaults and Admin Access
● System Configuration Standards
● Cardholder Data Retention
● Protecting Stored Data


● Encrypting Cardholder Data
● Encryption Key Management
● Encrypting Sensitive Data over Public Networks
● Using and Updating Anti-Virus Software: Principles
● Updated Wireless Guidelines, End-to-End Encryption
● Patch Management and Change Control
● Software Development Controls
● Secure Software Development
● Web-facing Applications

Key Concepts: Understanding Card Data
● CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe
● Track Data Characteristics and Guidelines for Searching, MOD-10 (Luhn check)

PCI DSS Applicability and Scoping
● Applicable Cardholder Data Concepts
● Scoping Procedure
● Network Segmentation & Exercise
● Scoping for Virtualization/Cloud Computing
● Scoping Exercise

Understanding & Applying Compensating Controls
● Understanding Scoping: Intent vs Requirement
● Risk-based Approach: How to Apply Compensating Controls
● Compensating Controls Case Study Scenario and Discussion

Scope Reduction: Tokenization/Encryption
● Understanding Encryption Applied to PCI DSS
● The Tokenization Concept
● Encryption/Tokenisation Case Study
● End-to-End (E2E) Encryption

Further PCI DSS Requirement topics:
● Restricting Access to Cardholder Data
● Unique User IDs
● Two-Factor Authentication
● User Authentication
● Restricting Physical Access to Cardholder Data
● Maintaining Information Security Policies
● Employee Acceptable Use Policy
● Information Security Management Responsibilities
● Employee Education and Screening
● Service Provider Requirements
● Incident Response Planning
● Virtualization, Tokenization, Cloud Computing
● Logging Access to Cardholder Data
● Monitoring Access to Cardholder Data
● Vulnerability Scans and Penetration Testing


● IDS and FIM

PCI DSS Implementation Training Achievement

Upon successful completion of the course a Certificate of "PCI DSS Lead Implementer Training" will be issued. CPD: 40; CEU: 4.0

PCI DSS Implementation Training Duration: 5 days

PCI DSS Implementation Training Calendar: see www.isocertificationtrainingcourse.org

Value Added PCI DSS Implementation Training

Accelerate learning with expert faculty: Lead Auditors and Principal Trainers from the industry. Learning PCI DSS Implementation from the "Specialist Expert" has many advantages:
● It will drastically change the way you think about and approach Management System Standards.
● You will cherish and benchmark our training for a long time to come.
● No fictitious case studies you cannot connect with.
● Real-time examples and real-time scenarios you can quickly relate to.
● Complete focus on your systems, processes and lines of business.
● 100% involvement and engagement of the participants.
● Learn to make the ISO Standard sweat to:
A) Improve profits
B) Reduce rework, defects, customer rejections, wastage and cost of operation
C) Enhance customer delight
D) Reduce attrition of customers and employees
E) Enhance confidence of all stakeholders
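The "Key Concepts: Understanding Card Data" module above lists track data characteristics, guidelines for searching, and the MOD-10 check. The following is an added example written for this page, not course material or code from the training provider: a small cardholder-data discovery scanner of the kind used during scoping to find PANs that have leaked into logs or files. It looks for 13 to 19 digit candidates, for ISO/IEC 7813 Track 1 (%B<PAN>^<NAME>^...?) and Track 2 (;<PAN>=...?) records, confirms each candidate with the Luhn (MOD-10) algorithm, and reports only a masked PAN (first six and last four digits at most, the limit PCI DSS Requirement 3 sets for display). The sample log lines and the regular expressions are assumptions constructed for the example; the two card numbers in them are the publicly known test PANs.

```python
"""Cardholder-data discovery: find candidate PANs and magnetic-stripe track
records in text, confirm them with the MOD-10 (Luhn) check, and report them
masked so the scanner itself never writes a full PAN anywhere."""
import re
from typing import NamedTuple

# A candidate PAN is 13-19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Magnetic-stripe formats (ISO/IEC 7813), assumed layouts for this example:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")


def luhn_valid(digits: str) -> bool:
    """MOD-10 check: from the right, double every second digit, subtract 9
    from doubled values above 9, and require the sum to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS display masking: at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class Finding(NamedTuple):
    line_no: int
    kind: str        # "pan", "track1" or "track2"
    masked_pan: str


def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (kind, pan) for every Luhn-valid PAN or track record on a line.
    A track record is reported once; the PAN and the other digit runs inside
    it (expiry, service code, discretionary data) are not reported again."""
    hits: list[tuple[str, str]] = []
    covered: list[range] = []
    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(line):
            if luhn_valid(m.group(1)):
                hits.append((kind, m.group(1)))
                covered.append(range(m.start(), m.end()))
    for m in PAN_RE.finditer(line):
        if any(m.start() in r for r in covered):
            continue
        pan = re.sub(r"[ -]", "", m.group(0))   # "4111 1111 ..." -> digits only
        if luhn_valid(pan):
            hits.append(("pan", pan))
    return hits


def scan_text(text: str) -> list[Finding]:
    """Scan a file's worth of text, returning masked findings only."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pan in scan_line(line):
            findings.append(Finding(line_no, kind, mask_pan(pan)))
    return findings


# Constructed sample log (not real data): lines 2-4 carry the public test PANs
# 4111 1111 1111 1111 and 5555 5555 5555 4444 as a spaced PAN, a Track 2 record
# and a Track 1 record; line 5 carries a 13-digit transaction id and a PAN with
# a wrong check digit, both of which the Luhn check should reject.
SAMPLE_LOG = """\
2024-01-03 12:00:01 app INFO order=1001 customer=jdoe
2024-01-03 12:00:02 app DEBUG raw_request card=4111 1111 1111 1111 exp=12/25
2024-01-03 12:00:03 pos TRACE swipe ;5555555555554444=25121010000000000?
2024-01-03 12:00:04 pos TRACE swipe %B4111111111111111^DOE/JOHN^2512101000000000000?
2024-01-03 12:00:05 app INFO txn_id=1234567890123 ref=4111111111111112
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind:<6} {f.masked_pan}")
```

Two points matter in practice. The scanner reports masked values only: a discovery tool that writes full PANs into its own report has just created new cardholder data, and the report itself then falls into scope. And the Luhn check is a filter, not proof: roughly one in ten random digit strings of the right length passes it, so findings in timestamps, invoice numbers or hashes still need a human look before the file is treated as containing cardholder data.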

