PCI DSS, PA DSS and PTS are now considered the de facto payment card industry standards. All institutions or entities which store, process or transmit cardholder data are subject to compliance with these constantly evolving standards. Many organisations have achieved compliance, whilst others are making significant progress towards it, though not without challenges. Organisations still face the significant challenge of interpreting and applying this evolving set of standards, as well as ensuring that compliance is maintained at all times.
The PCI DSS 3.2 Training is designed for card payments and IT specialists focused on managing and implementing all aspects of PCI DSS. The intensive training covers key aspects related to implementation and ongoing management as well as best practices. Delegates who attend this course will find many answers to pressing questions and are equipped with clear and practical guidance helping save effort, time and money.

Objectives

Gain an in-depth understanding of the PCI DSS standard and its relation to other PCI standards such as PTS and PA DSS
A unique opportunity to gain insight from multiple perspectives on gap analysis, remediation and assessment issues from certified ISAs & QSAs with years of experience in the field.
Practical demonstrations and guidance on interpretation, sampling, applicability and importance of PCI DSS controls.
Gain an in-depth understanding of Interpretation, Scoping, Network Segmentation, Compensating Controls and Control Applicability with practical case studies and group exercises.
Learn key concepts surrounding PCI Project Management, Reporting, Prioritisation and Risk Management.
Keep up to date with the latest changes to the standard and how they affect your compliance status
Learn how to reduce your QSA costs and gain more control over the project
Learn about key aspects of managing and maintaining compliance, such as change control and continuous compliance monitoring

Who Attends

CSOs, Security Management
CIO, IT Management
CISO, Information Security Manager
Network & System Security
Application Software Developers & Administrators
Business Continuity & Incident Response Teams
Compliance/PCI Project Managers
Internal Audit & Compliance Managers
And anyone generally interested in learning about PCI DSS in depth

It is recommended that attendees are familiar with key payment card industry terminology prior to attending the course.

Testimonials

Hundreds of delegates from all over the world have attended LiquidNexxus training sessions. Here are some testimonials related to this course/event.

Agenda

Introduction and Context - Payment Card Industry Threats

Security Breach Reports Overview
Attack Vector Analysis

Payment Card Industry Stakeholders Overview & Their Relationship with PCI DSS

About the PCI SSC
Card Brand Compliance Programs
Standards Applicability & Levels
  • Merchants, Service Providers
  • PCI DSS, PA DSS, PTS
Knowledge Check

Scoping & Network Segmentation

Applicable Cardholder Data concepts
Understanding & Finding Card Data 
  • CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe
  • Track Data Characteristics and Guidelines for Searching, MOD-10
Card Data Flow & Network Diagrams
Segmentation and Sampling of Business Facilities/System Components 
  • Scoping Procedure
  • Network Segmentation & Exercise

Prioritising Compliance & Security: Risk Assessment Guidelines 

PCI DSS Requirement 12.1.2
Risk Management Strategy, Assessments 
Prioritised Approach. 
  • Remove sensitive authentication data and limit data retention. 
  • Protect systems and networks, and be prepared to respond to a system breach.  
  • Secure payment card applications
  • Monitor and control access to your systems.  
  • Protect stored cardholder data.
Risk Assessments
  • Risk Assessment Team 
  • Risk Assessment Methodology.
Third-Party Risks 
Reporting, Critical Success Factors 
Knowledge Check

Compensating Controls

Compensating Controls Worksheet
Case Study

PCI DSS Requirements and Security Assessment Procedures

PCI DSS Assessment Process
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Case Study
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Case Study
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
  • Case Study
Requirement 7: Restrict access to cardholder data by business need to know.
Requirement 8: Identify and authenticate access to system components 
Requirement 9: Restrict physical access to cardholder data
  • Skimming Fraud (ATM & POS card reader manipulation)
  • Case Study
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
  • Case Study
Requirement 12: Maintain a policy that addresses information security for all personnel
  • Case Study
A.1: Shared hosting providers must protect the cardholder data environment 
  • Case Study

Reporting

Report on Compliance (ROC) Reporting Template and Reporting Instructions 
Self-assessment Questionnaires (SAQs) and SAQ Instructions and Guidelines 
Attestations of Compliance (AOCs) 
Case Study

Supporting Organisations

This event is supported by the following organisations…

Strategic Partner
Savannah Training Solutions

We are a Kenyan-based firm whose main objective is to offer internationally recognized best management practice schemes and a range of IT and general management certifications based on international standards and best practices, as well as offering executive education. Savannah Training Solutions Ltd provides accredited training and consultancy services in Africa from its Head Office in Nairobi, Kenya.

Venue

Windsor Golf Hotel and Country Club

Next Sessions

LiquidNexxus regularly hosts open training sessions globally. Below is a list of courses related to this course which are currently scheduled. If your region is not listed, or you would like to discuss in-house training or partnership, please contact us.
