PCI-DSS ver. 3.2.1 (Payment Card Industry Data Security Standard) Implementation Training
This 2-day PCI DSS v3.2.1 Implementation Training is primarily aimed at enabling you to understand and implement the PCI DSS 3.2.1 Standard successfully in your organization. You will gain a clear conception of the various requirements of the Payment Card Industry Standards, and discover the intent behind each of its requirements.
This Workshop is primarily aimed at enabling delegates to understand and implement the PCI DSS Standard successfully in their organization. Delegates will gain a clear understanding of the various requirements of the Payment Card Industry Standards, and discover the intent behind each of its requirements.
The standard essentially requires organizations to:
- Build and maintain a secure IT network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Who should attend this training?
- Those who will be involved in advising top management on the introduction of PCI DSS ver.3.2.1 into an organization
- Those with responsibility for implementing PCI DSS 3.2.1
- Those planning to implement a system or new to managing a system
- Anyone working within information security, including consultants.
Day – 1
- What is PCI DSS 3.2.1 and its purpose
- Payment Transaction Flow
- Merchant levels and Service provider levels
- SAQ types and reporting requirements
- Cardholder data discovery
- Scoping the Cardholder Data Environment
- Req. 1 – Install and maintain a firewall configuration
- Req. 2 – Do not use vendor-supplied defaults for system passwords
- Req. 3 – Protect stored cardholder data
- Req. 4 – Encrypt transmission of cardholder data across open and public networks
Day – 2
- Req. 5 - Protect all systems against malware and regularly update anti-virus
- Req. 6 - Develop and maintain secure systems and applications
- Req. 7 - Restrict access to cardholder data by business need to know
- Req. 8 - Identify and authenticate access to system components
- Req. 9 - Restrict physical access to cardholder data
- Req. 10 - Track and Monitor all access to network resources and cardholder data
- Req. 11 - Regularly test security systems and processes
- Req. 12 - Maintain a policy that addresses information security for all personnel
- Q and A Session
- Appendix A
What will you learn?
Upon completion of this training, delegates will be able to:
- Gain an understanding of the Payment Card Industry.
- Gain an understanding of PCI DSS to ensure better protection of cardholder data.
- Conduct a baseline review of the organization's current position with regard to PCI DSS ver. 3.2.1
- Interpret the requirements of PCI DSS ver. 3.2.1 from an implementation perspective in the context of their organization
- Implement PCI DSS ver. 3.2.1 in the organisation
Candidates should have a basic understanding of and experience with information security standards such as ISO 27001.
- Refreshments/ Lunch
- Course Folder
- Pen and Notepad
- Certificate of attendance
- Loan copy of the standard (to be returned after the course)