The PCI DSS is a security standard that addresses security management, network architecture, software design and other critical protective measures and the policies and procedures used during implementation of these standards. PCI DSS is intended to help businesses and organizations apply forethought and measurements to protect customer account data.
This course is designed to provide the learner with a working knowledge of compliance, primarily with PCI. This includes the DSS (Data Security Standards), processes and requirements that businesses must adhere to in order to accept payments and to store, process and transmit cardholder data. In addition, the concepts of PCI-DSS are generalized and related to broader trends and emerging issues in information assurance and IT security
The following topics covered will be:
- PCI DSS overview 2.0 including key terminology
- PCI reporting requirements
- Testing procedures for validating compliance
- Payment transaction flows & service provider relationships
- Compliance key players – QSA, PA-QSA, ISA, ASV, etc.
PCI Break Down (Control Objectives and Associated Standards)
- Build and Maintain a Secure Network through network architecture, segmentation and active surveillance
- Protect Cardholder Data through data isolation, access controls and security in depth
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks with active surveillance and ongoing auditign
- Maintain an Information Security Policy
- Address cloud integration
This course is designed for a wide range of candidates that need to understand the importance of payment card data security and PCI Compliance requirements. It is especially designed for: Managers, Business Analysts, IT Auditors, Financial/Operational Auditors, Finance Managers, IS Managers, IT Specialists, Project/Program Analysts, Security Analysts, Software Engineers, System Administrators.