
"If you do not know the subject well enough, you cannot explain it simply enough."

Albert Einstein
With decades of hands-on industry experience and hundreds of ISO audits, our Principal Trainers help you translate:-
In fact, we do not teach you; we involve and engage you one hundred percent: to ideate, to discuss, to brainstorm.
Are you ready to get involved?
www.isocertificationtrainingcourse.org
registrar@isocertificationtrainingcourse.org

PCI DSS Implementation Training

PCI DSS Implementation Training Course Features


PCI DSS, PA DSS and PTS are now considered the de facto payment card industry standards. All institutions or entities which store, process or transmit cardholder data are subject to compliance with these constantly evolving standards. Many organisations have achieved compliance, while others are making significant progress towards it, though not without challenges. Organisations still face the significant task of interpreting and applying this evolving set of standards, of ensuring that compliance is maintained at all times and, more importantly, of addressing risk mitigation measures as threats evolve.
The PCI DSS Implementation Training is designed for card payments and IT specialists focused on managing and implementing all aspects of PCI compliance controls within their organisations. The training covers PCI DSS from an implementation perspective; it also covers guidelines on PA DSS and PTS, as well as additional best practices such as vulnerability assessment and secure software development. Delegates who attend this course will find answers to many pressing questions and leave equipped with clear, practical guidance that helps save effort, time and money.

PCI DSS Implementation Training Objectives


Learn how to reduce your QSA costs and gain more control over the project;
Learn about key aspects of managing and maintaining compliance, such as change control and continuous compliance monitoring;
Gain an in-depth understanding of the PCI DSS standard and its relation to other PCI standards such as PTS DSS and PA DSS;
Find out about open source and commercial tools that help implement controls and secure systems.

Who Should Attend PCI DSS Implementation Training


The training session focuses on technical issues; see the agenda for a full overview.
It is suitable for those concerned with coordinating, managing and/or implementing PCI compliance within their organisation, namely:
CSOs, CIOs, CISOs, System Security Executives, Software Developers
Incident Response Teams, PCI Project Managers
Information Security Managers, Compliance Managers
IT Audit, Payment Cards, Payment Systems or similar.

Overview of contents of PCI DSS Implementation Training


Security Breaches Overview & Vulnerability Experiences
Impact of Data Compromises and Increasing Risk to Cardholder Data
Compromise Examples
Compromise Discussion
PCI DSS and other standards
Intent of PCI DSS
Relationship to Industry Standards such as ISO 27001
Understanding key concepts: Compliance & Validation
Validation Levels and differences between Card Brands
Compliance & Validation Exercise
Securing Payment Applications
Payment Application DSS Scope & Requirements
Application Security and Industry Guidelines (OWASP)
Application Compromise Demonstration
PIN Transaction Security (PTS)
PTS Scope
PIN Management
PCI DSS Requirements explanation, including the 12 sections and sub-requirements as well as practical examples; topics include:
Firewall Configuration Standards and Settings
Network Segmentation and Firewall Rules
Vendor Defaults and Admin Access
System Configuration Standards
Cardholder Data Retention
Protecting Stored Data
Encrypting Cardholder Data
Encryption Key Management
Encrypting Sensitive Data over Public Networks
Using and Updating Anti-virus Software Principles
Updated Wireless Guidelines, End-to-End Encryption, Patch Management and Change Control
Software Development Controls
Secure Software Development
Web-facing Applications
Key Concepts: Understanding Card Data
CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe
Track Data Characteristics and Guidelines for Searching, MOD-10
PCI DSS Applicability and Scoping
Applicable Cardholder Data concepts
Scoping Procedure
Network Segmentation & Exercise
Scoping for Virtualization/Cloud Computing
Scoping Exercise
Understanding & Applying Compensating Controls
Understanding Scoping: Intent vs Requirement
Risk based approach: How to apply Compensating Controls
Compensating Controls Case Study Scenario and Discussion
Scope Reduction: Tokenization/Encryption
Understanding Encryption Applied to PCI DSS
The Tokenization Concept
Encryption/Tokenization Case Study
End-to-End (E2E) Encryption
Restricting Access to Cardholder Data
Unique User IDs
Two-Factor Authentication
User Authentication
Restricting physical access to cardholder data
Maintaining Information Security policies
Employee Acceptable Use Policy
Information Security Management Responsibilities
Employee Education and Screening
Service Provider Requirements
Incident Response Planning
Virtualization, Tokenization, Cloud Computing
Logging Access to Cardholder Data
Monitoring Access to Cardholder Data
Vulnerability Scans and Penetration Testing
IDS and FIM

PCI DSS Implementation Training Achievement


Upon successful completion of the course, a Certificate of PCI DSS Lead Implementer Training will be issued.
CPD: 40
CEU: 4.0

PCI DSS Implementation Training Duration: 5 days

PCI DSS Implementation Training Calendar

Value added PCI DSS Implementation Training


Accelerate learning with expert faculty: Lead Auditors and Principal Trainers from the industry. PCI DSS Implementation learning from the "Specialist Expert" has many advantages:-
It will drastically change your way of thinking and basic approach towards the Management System Standards.
You will cherish and benchmark our training for a very long time to come.
No fictitious case studies you cannot connect with.
Real time examples and real time scenarios you can quickly relate to.
Complete focus on your systems, processes and lines of business.
100% involvement and engagement of the participants.
Learn to make the ISO Standard sweat to:-
A). Improve the profits.
B). Reduce rework, defects, customer rejections, wastage and cost of operation.
C). Enhance customer delight.
D). Reduce attrition of customers and employees.
E). Enhance confidence of all stakeholders.
