Course Code: pcidss
Duration: 14 hours
Prerequisites:
  • An understanding of online payment concepts
  • Network Fundamentals
  • Basics of Information Security
  • Work experience in an IT or IT-related role
Overview:

This instructor-led, live Payment Card Industry Professional training (online or onsite) provides an individual qualification for industry practitioners who wish to demonstrate their professional expertise and understanding of the PCI Data Security Standard (PCI DSS).

By the end of this training, participants will be able to:

  • Understand the payment process and the PCI standards designed to protect it.
  • Understand the roles and responsibilities for entities involved in the payment industry.
  • Have deep insight into, and understanding of, the 12 PCI DSS requirements.
  • Demonstrate knowledge of PCI DSS and how it applies to organizations that are involved in the transaction process.

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request customized training for this course, please contact us to arrange it.
Course Outline:

Introduction

Understanding PCI-DSS

  • Introduction to PCI-DSS
  • Importance of PCI-DSS compliance
  • Key objectives of PCI-DSS

PCI-DSS Standards and Requirements

  • Overview of PCI-DSS requirements
  • The 12 PCI-DSS requirements
    • Build and maintain a secure network and systems
    • Protect cardholder data
    • Maintain a vulnerability management program
    • Implement strong access control measures
    • Regularly monitor and test networks
    • Maintain an information security policy

PCI-DSS Compliance and Assessment

  • PCI-DSS compliance process
  • Roles and responsibilities in PCI-DSS compliance
  • Types of PCI-DSS assessments (SAQ, ROC)
  • Working with Qualified Security Assessors (QSAs)

Scoping and Segmentation

  • Defining the cardholder data environment (CDE)
  • Scoping PCI-DSS
  • Network segmentation and its importance

Building and Maintaining a Secure Network

  • Firewalls and router configurations
  • Securing network components
  • Wireless networking security

Protecting Cardholder Data

  • Data encryption and masking techniques
  • Protecting stored cardholder data
  • Secure transmission of cardholder data

Maintaining a Vulnerability Management Program

  • Regular updates and patch management
  • Identifying and mitigating vulnerabilities
  • Anti-virus and anti-malware solutions

Implementing Strong Access Control Measures

  • Access control policies and procedures
  • Managing user access and authentication
  • Physical security controls

Regularly Monitoring and Testing Networks

  • Monitoring network traffic and logs
  • Conducting vulnerability scans
  • Penetration testing best practices

Maintaining an Information Security Policy

  • Developing and implementing security policies
  • Security awareness training for employees
  • Incident response planning

Preparing for a PCI-DSS Audit

  • Preparing documentation and evidence
  • Conducting internal audits
  • Addressing non-compliance issues

Summary and Next Steps
