0345 4506120

PCI-DSS Practitioner

Course Details

Name: PCI-DSS Practitioner
Location: Virtual Classroom
Price: £999.00 +vat (was £1099.00)
Availability: Please Call
Course ID: 454367

Overview

This two-day course, fully updated for the recently released PCI DSS v3.2 standard, provides a comprehensive introduction to the PCI DSS and practical coverage of all aspects of implementing a Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

Learning Objectives

Delegates will learn:

  •   The purpose of the PCI DSS and the requirement for protection of cardholder data.
  •   PCI DSS objectives and intent. Related PCI standards and programmes.
  •   How PCI DSS compliance is enforced by the payment brands.
  •   Compliance needs for merchants and service providers.
  •   Explanation of the different levels.
  •   How compliance must be reported by merchants and service providers.
  •   The 12 standard requirements.
  •   Scoping and applicability of the PCI DSS.
  •   Technical Implementation of the requirements.
  •   Project management.
  •   Maintaining compliance.
  •   Additional considerations for: call centres, encryption, software development, mobile payments, skimming.

Pre-Requisites

There are no pre-requisites. However, we recommend that all delegates read the Payment Card Industry Data Security Standard (PCI DSS) document downloadable from the PCI SSC website.

We further recommend that delegates familiarise themselves with the standard, so that they come armed with questions about the control groups and how they may be applied to their organisation.

Course Content

Day 1

  • Module 1: Overview of the PCI DSS Understanding Security DSS Lifecycle Process Requirements versus Frameworks
  • Module 2: Security Breaches Overview & Vulnerability Experiences Current statistics and examples Impact of Data Compromises and Increasing Risk to Cardholder Data Compromise Case Study Examples
  • Module 3: PCI DSS and related standards DSS Objectives Relationship to Industry Standards Compliance & Validation - key differences Payment Application Scope
  • Module 4: PCI DSS Applicability and Scoping Important Cardholder Data concepts PCI DSS Scoping Statement Network Segmentation, Scoping examples
  • Module 5: Compliance Validation Process What is PSR/AIS Compliance and Validation Levels Compliance versus Validation Overview of Scoping, Sampling and Compensating Controls
  • Module 6: PSR/AIS Compliance Programs Security Initiatives & Industry Collaboration Merchant Levels and Validation Requirements
  • Module 7: Industry Players & Transaction Lifecycle Important Definitions - Entities involved Important Definitions - Transaction Flow Transaction Flow - Authorisation, Clearing, Settlement
  • Module 8: Cardholder Data, Finding and Eliminating Sensitive Authentication Data
  • Module 9: Compensating Controls Definition, Myths, Facts Successfully Applying Compensating Controls, Analysing Risk Case Study Scenario and Discussion
  • Module 10: PCI SSC Quality Assurance Program Intent & Lifecycle QA Scoring Matrix Program Feedback and Violations Investigation
  • Module 11: Approved Scanning Vendors (ASVs) What is an ASV, Pass and Fail ASV Certification Criteria Common Vulnerability Scoring System (CVSS) Scan Report Analysis
  • 15:00: Refreshments & Networking
  • Module 12: New Standards and Emerging Technologies 12.1 Data Field Encryption / E2EE / P2PE 12.2 Wireless Network Guidelines 12.3 Virtualisation & Cloud Computing 12.4 Tokenisation
  • Module 13: Call Centre Environments 13.1 Desktop Environment Scope 13.2 Call Recordings - SAD Data
  • Module 14: Risk Assessments What is a Risk Assessment with regards to PCI DSS Risk Assessment Drivers Risk Assessment Methodologies

Day 2

PCI Data Security Standard Requirements in depth. Detailed explanations of PCI DSS Requirements and Audit Guidelines for all 6 Domains, containing the 12 Sections and related sub-requirements, including:

  • PCI DSS Section 1 - Install and maintain a firewall configuration to protect cardholder data
  • PCI DSS Section 2 - Do not use vendor-supplied defaults for system passwords and other security parameters
  • PCI DSS Section 3 - Protect stored cardholder data
  • PCI DSS Section 4 - Encrypt transmission of cardholder data across open, public networks
  • PCI DSS Section 5 - Use and regularly update anti-virus software
  • PCI DSS Section 6 - Develop and maintain secure systems and applications
  • PCI DSS Section 7 - Restrict access to cardholder data by business need-to-know
  • PCI DSS Section 8 - Assign a unique ID to each person with computer access
  • PCI DSS Section 9 - Restrict physical access to cardholder data
  • PCI DSS Section 10 - Track and monitor all access to network resources and CHD
  • PCI DSS Section 11 - Regularly test security systems and processes
  • PCI DSS Section 12 - Maintain a policy that addresses information security

Attend From Anywhere

How Attend from Anywhere works

Our ‘Attend from Anywhere’ courses allow you to access award-winning classroom training without leaving your home or office. We use the WebEx web and video conferencing platform by Cisco. Before you book, you should check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings (if it doesn’t work, you should adjust your settings or contact your IT department about permitting the website).

  • Up to three weeks before the start of the course we will send you Joining Instructions by email.
  • You should enter ‘My Virtual Account’ to update your address for courseware and book a pre-test with a member of the Virtual Learning Team, who will check everything works.
  • 15 minutes before the course begins you should launch the software, connect your audio and familiarise yourself with the interface and how the virtual interactions work.
  • The course will be split into multiple sessions, with short breaks in between so you can stay focused and refreshed.
  • Throughout the course the learning professional will use an electronic whiteboard, which will transmit all the notes directly to your screen.
  • You can ask the learning professional a question at any time, either by simply speaking aloud through your microphone or by clicking the virtual ‘raise-a-hand’ button on the interface.
  • Towards the end of the course there will be plenty of time for detailed Q&As with the learning professional, just as if you were physically in the classroom.
  • Following the course you will be asked to complete a course evaluation form, which will allow you to give detailed feedback on your experience and help us to make future improvements.
  • For four weeks after the course has finished you will have on-demand access to helpful videos on the subject matter, and we may send you useful emails reminding you of the ‘Key Learning Points’.

Benefits of Attend from Anywhere

Access to experts

Receive full support from our subject-matter experts for the duration of your course.

Convenient

Access your training from home, the office, or anywhere with internet access.

Cost-effective

Save money on training and expenses like transport, hotels, meals and childcare.

Quality

Our technology makes our online courses the same high quality as our classroom training.

Time-efficient

Reduce time out of the office and time spent travelling to and from training centres.

FAQ

What equipment do I need for an Attend from Anywhere course?

You will need an internet-connected computer and a USB headset with an in-built mic to interact with the trainer. Two monitors are recommended; one to stream the video from the classroom and the other to display the interactive interface.

How reliable are Attend from Anywhere courses?

We use leading Cisco technology and our classrooms are specifically optimised to improve sound quality for remote attendees. We also offer a pre-test so you can test everything is working before the course starts.

How are remote attendees made to feel included?

Our trainers are specially trained on how to interact with remote attendees and our technology allows them to take over remote PCs. Our remote labs ensure all participants can take part in hands-on class exercises wherever they are.

What makes Attend from Anywhere courses cost effective?

Our technology makes our Attend from Anywhere courses the same high-quality experience as our classroom training, so we do not price them differently. However, organisations and individuals do make significant financial savings by booking this type of course when associated costs (such as travel, expenses, hotels, food and childcare) are factored in.

How can I take the exam remotely?

You may be able to take your exam via one of our accredited remote live proctors. Where this is not possible you may be issued with an exam voucher or required to attend a classroom in order to take the exam. Please contact us for specific details in relation to your course.

If you are able to take your exam remotely, you need to book it before the course begins, switch on a webcam to enable invigilation and show photo ID. Please note that exam slots are subject to availability with the live proctors and may not be available during the week of the exam. Exam slots are booked on a first come, first served basis.

Exam

This course, updated for 2018, is now aligned to the PCI Security Standards Council PCI-P exam syllabus.

The exam cost and voucher are not included in the course; delegates wishing to take this exam should book it independently via the PCI Security Council Standard Website.