
PCI DSS Implementation Training


PCI DSS Implementation Training Course Features

PCI DSS, PA DSS and PTS are now considered the de facto payment card industry standards. All institutions or entities which store, process or transmit cardholder data are subject to compliance with these constantly evolving standards. Many organisations have achieved compliance, while others are making significant progress towards it, though not without challenges. Organisations still face the significant challenge of interpreting and applying this evolving set of standards and of ensuring that compliance is maintained at all times, but more importantly of addressing risk mitigation measures as threats evolve.

The PCI DSS Implementation Training is designed for card payments and IT specialists focused on managing and implementing all aspects of PCI compliance controls within their organisations. The training covers PCI DSS from an implementation perspective; it also covers guidelines on PA DSS and PTS, as well as additional best practices such as vulnerability assessment and secure software development. Delegates who attend this course will find answers to many pressing questions and will be equipped with clear and practical guidance that helps save effort, time and money.

PCI DSS Implementation Training Objectives

  • Learn how to reduce your QSA costs and gain more control over the project;

  • Learn about the key aspects of managing and maintaining compliance, such as change control and continuous compliance monitoring;

  • Gain an in-depth understanding of the PCI DSS standard and its relation to other PCI standards such as PTS DSS and PA DSS;

  • Find out about open source and commercial tools that help implement controls and secure systems.


Who Should Attend PCI DSS Implementation Training

The training session focuses on technical issues; see the agenda for a full overview. It is suitable for those concerned with coordinating, managing and/or implementing PCI compliance within their organisation, namely:

  • CSOs, CIOs, CISOs, System Security Executives, Software Developers

  • Incident Response Teams, PCI Project Managers

  • Information Security Managers, Compliance Managers

  • IT Audit, Payment Cards, Payment Systems or similar.


Overview of the Contents of the PCI DSS Implementation Training

Security Breaches Overview & Vulnerability Experiences

  • Impact of Data Compromises and Increasing Risk to Cardholder Data

  • Compromise Examples

  • Compromise Discussion

PCI DSS and other standards

  • Intent of PCI DSS

  • Relationship to Industry Standards such as ISO 27001

  • Understanding key concepts: Compliance & Validation

  • Validation Levels and differences between Card Brands

  • Compliance & Validation Exercise

Securing Payment Applications

  • Payment Application DSS Scope & Requirements

  • Application Security and Industry Guidelines (OWASP)

  • Application Compromise Demonstration

PIN Transaction Security (PTS)

  • PTS Scope

  • PIN Management

Explanation of the PCI DSS requirements, including the 12 sections and their sub-requirements, with practical examples. Topics include:

  • Firewall configuration Standards and Settings

  • Network Segmentation and Firewall Rules

  • Vendors Defaults and Admin Access

  • System Configuration Standards

  • Cardholder Data Retention

  • Protecting Stored Data

  • Encrypting Cardholder Data

  • Encryption Key Management

  • Encrypting Sensitive Data over Public Networks

  • Principles of using and updating anti-virus software

  • Updated Wireless Guidelines, End-to-End Encryption, Patch Management and Change Control

  • Software Development Controls

  • Secure Software Development

  • Web-facing Applications

Key Concepts: Understanding Card Data

  • CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe

  • Track Data Characteristics and Guidelines for Searching, MOD-10
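The MOD-10 (Luhn) check named above is what separates a real primary account number from an arbitrary run of digits when you search file shares, logs or databases for stray cardholder data during scoping. The following is an added illustration, not material from this course or its provider: it scans constructed sample text for 13-19 digit runs (with optional space or hyphen separators), keeps only those that pass the Luhn check, and reports them masked to the first six and last four digits, which is the display form PCI DSS permits. The card numbers in the sample are the publicly documented Visa and Mastercard test values, not real accounts; the regular expression, function names and sample text are all assumptions made for this example.

```python
import re

# Candidate run of 13-19 digits, optionally separated by single spaces or hyphens.
# The look-arounds force the match to cover a whole digit run, so a 20-digit
# ticket number is not sliced into a 16-digit "card".
CANDIDATE_PAN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """MOD-10 (Luhn) check as used on payment card PANs.

    Working from the rightmost digit, every second digit is doubled; doubled
    values above 9 have 9 subtracted; the number is valid when the sum of all
    digits is a multiple of 10.
    """
    if not digits.isdigit():
        return False
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits; PCI DSS allows this for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> list[str]:
    """Return unmasked PANs found in text: digit runs of 13-19 that pass Luhn."""
    hits = []
    for match in CANDIDATE_PAN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def scan_for_pans(text: str) -> list[tuple[int, str]]:
    """Scan line by line and report (line number, masked PAN) for each hit.

    Only the masked form is returned so a discovery report does not itself
    become new cardholder data that has to be protected.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pan in find_pans(line):
            findings.append((line_no, mask_pan(pan)))
    return findings


# Constructed sample input (hypothetical log excerpt, not real data).
SAMPLE_TEXT = """\
order=1001 card=4111 1111 1111 1111 exp=12/26
ref 5500-0000-0000-0004 approved
typo 4111 1111 1111 1112 declined
call 0161 234 5678 ticket 20240101123456789
"""

if __name__ == "__main__":
    for line_no, masked in scan_for_pans(SAMPLE_TEXT):
        print(f"line {line_no}: possible PAN {masked}")
```

On the sample, the first two lines are reported: the Visa and Mastercard test numbers pass the Luhn check. The third line differs from a valid PAN by one digit and fails MOD-10, the phone number is too short to be a candidate, and the 17-digit ticket reference fails the check, so none of those generate a finding. In a real scoping exercise the same two-stage filter (digit-run pattern, then Luhn) keeps the false-positive rate manageable before a human reviews the masked results.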

PCI DSS Applicability and Scoping

  • Applicable Cardholder Data concepts

  • Scoping Procedure

  • Network Segmentation & Exercise

  • Scoping for Virtualization/Cloud Computing

  • Scoping Exercise

Understanding & Applying Compensating Controls

  • Understanding Scoping: Intent vs Requirement

  • Risk based approach: How to apply Compensating Controls

  • Compensating Controls Case S