The Payment Card Industry (PCI) Data Security Standard (DSS) applies to every entity or organization that stores, processes, or transmits cardholder data. In this course, you will learn about the standard in detail and all its requirement.Along with that you will learn about various terminologies which are required to understand PCI DSS Compliance.
You will learn PCI DSS is STANDARD OR REGULATION ( No of Candidates have confusion around the same)
This course provides essential knowledge so that one can understand the Payment Card Industry Data Security Standard (PCI DSS). It will providing additional insight into both the standard and the compliance process.
You will learn intention of each of the 12 PCI DSS requirements and how these requirements will be accessed by a Qualified Security Assessor (QSA) to share information about the compliance readiness
For easy understanding complete course is divided in 10 Sections and topics covered in respective sections are defined as follows:
In Section 1 following topics are covered
- Background – PCI DSS Standard
- History – PCI DSS Standard
- What do mean by PCI DSS
- Why you should get PCI Compliant
- Confusion around PCI DSS
In Section 2 following topics are covered wherein most common terminologies used in PCI DSS are covered.
- What do Merchants, Provider or Issuers Mean ?
- What is a Qualified Security Assessor (QSA)?
- Who is ISA (Internal Security Assessor) ?
- What is (SAQ) Self-Assessment Questionnaire ?
- What is (AOC ) Attestation of Compliance ?
- What is (RoC) Report on Compliance ?
In Section 3 following topics are covered wherein concepts like PCI DSS Scope and Its Requirements are covered in detail
- How Card transaction work (Explained in 8 Steps)
- PCI DSS Applicability
- Systems In Scope of PCI DSS
- 6 Goals and 12 requirements
- Imp- Structure of PCI DSS Standard
In Section 4 is about Goal 1 (Build and Maintain a Secure Network) wherein underlying Requirements are covered in detail
- Req 1: Install and maintain a firewall configuration to protect cardholder data
- Req 2: Don’t use vendor-supplied defaults for system passwords
In Section 5 is about Goal 2 (Protect Card Holder data) wherein underlying Requirements are covered in detail
- Req 3: Protect stored cardholder data
- Req 4 : Encrypt transmission of cardholder data across open, public networks
In Section 6 is about Goal 3 (Maintain a Vulnerability Management Program) wherein underlying Requirements are covered in detail
- Req-5: Use and regularly update antivirus software or programs
- Req-6 : Develop and maintain secure systems and applications
In Section 7 is about Goal 4 (Implement Strong Access Control Measures) wherein underlying Requirements are covered in detail
- Req-7 : Restrict access to cardholder data by business need to know
- Req-8 : Assign a unique ID to each person with computer access
- Req-9 : Restrict physical access to cardholder data
In Section 8 is about Goal 5 (Goal-5 : Regularly Monitor and Test Networks) wherein underlying Requirements are covered in detail
- Req-10 : Track and monitor all access to network resources and cardholder data
- Req-11 : Regularly test security systems and processes
In Section 9 is about Goal 6 (Goal-6 : Maintain an Information Security Policy) wherein underlying Requirements are covered in detail
- Req-12 : Maintain a policy that addresses information security for all personnel
In Section 10 we have covered following topics which helps you to understand as how Verification of PCI Compliance can be done
- Levels of PCI Compliance/Merchant Levels
- Scanning by ASV (APPROVED SCANNING VENDOR)
- Verifying Compliance with PCI
- Validating a Requirement is in Place
- Meeting the reporting requirement of PCI DSS
Who this course is for:
- Internal Auditors
- IT Professionals
- Cyber Security Managers
- Engineers, Architects, Compliance officers
- Professionals working in organizations where PCI-DSS applies