PCI DSS Implementation Training Conducted by Industry Experts, customized for you & connect with relevance to your Industry & Processes

1. “If you do not know the subject well enough
You can not explain it simply enough”
Albert Einstein

2. With decades of hands on Industry Experience, and hundreds of
ISO audits, our Principal Trainers help you translate:-

3. Infact we do not teach you, but involve you and engage you one
hundred percent. To ideate, to discuss, to brainstorm.
Are you Ready to get involved?

4. www.isocertificationtrainingcourse.org
registrar@isocertificationtrainingcourse.org
PCI DSS Implementation Training
PCI DSS Implementation Training Course Features
PCI DSS, PA DSS and PTS are now considered the defacto payment card industry
standards. All institutions or entities which store process or transmit card holder data
are subject tocompliancewith theseconstantlyevolving standards. Manyorganisations
have achieved compliance whilst others are making significant progress in achieving
compliancenot without itschallenges. Organisationsstill face a significantchallengeof
interpreting and applying this evolving set of standards as well as ensuring that
compliance is maintained at all times, but more importantly addressing risk mitigation
measures as threats evolve.
The PCI DSS ImplementationTraining isdesigned for card paymentsand IT specialists
focused onmanaging and implementingallaspectsofPCIcompliancecontrolswith their
organisations. The training covers PCI DSS from an implementation perspective, also
covered are guidelines on PA DSS, and PTS as well as additional best practices such as
vulnerability assessment and secure software development. Delegates who attend this
course will find many answers to pressing questions and are equipped with clear and
practical guidance helping save effort, time and money.
PCI DSS Implementation Training Objectives
● Learn how to reduce your QSA costs and gain more control over the project;
● Learnabout keyaspectsofmanaging andmaintaining compliancewith keyaspects
such as change control and continuous compliance monitoring;
● Gainan in-depth understandingof the PCI DSS standard and its relationto other
PCI standards such as PTS DSS and PA DSS;
● Find out about open source and commercial tools that help implement controls
and secure systems.
Who should Attends PCI DSS Implementation Training

5. The training session focuses on technical issues, see the agenda for a full overview.
Suitable for those concerned with coordinating, managing, and/or implementing PCI
Compliance within their organisation, namely:
● CSOs, CIO, CISO, System Security Executives, Software Developers
● Incident Response Teams, PCI Project Managers
● Information Security Managers, Compliance Managers
● IT Audit, Payment Cards, Payment Systems or similar.
Overview of contents of PCI DSS Implementation Training
Security Breaches Overview & Vulnerability Experiences
● Impact of Data Compromises and Increasing Risk to Cardholder Data
● Compromise Examples
● Compromise Discussion
PCI DSS and other standards
● Intent of PCI DSS
● Relationship to Industry Standards such as ISO 27001
● Understanding key concepts: Compliance & Validation
● Validation Levels and differences between Card Brands
● Compliance & Validation Exercise
Securing Payment Applications
● Payment Application DSS Scope & Requirements
● Application Security and Industry Guidelines (OWASP)
● Application Compromise Demonstration
PIN Transaction Security (PTS)
● PTS Scope
● PIN Management
PCI DSS Requirements explanation including the 12 Sections and sub requirements as
well as practical examples, topics include:
● Firewall configuration Standards and Settings
● Network Segmentation and Firewall Rules
● Vendors Defaults and Admin Access
● System Configuration Standards
● Cardholder Data Retention
● Protecting Stored Data
● Encrypting Cardholder Data
● Encryption Key Management
● Encrypting Sensitive Data over Public Networks
● Using and updating anti-virus software principles

6. ● Updated Wireless Guidelines, End to End Encryption Patch management and
change control
● Software Development Controls
● Secure Software Development
● Web-facing Applications
Key Concepts: Understanding Card Data
● CVV vs CVV2, Track 1 vs Track 2 Data, Full Track or Magnetic Stripe
● Track Data Characteristics and Guidelines for Searching, MOD-10
PCI DSS Applicability and Scoping
● Applicable Cardholder Data concepts
● Scoping Procedure
● Network Segmentation & Exercise
● Scoping for Virtualization/Cloud Computing
● Scoping Exercise
Understanding & Applying Compensating Controls
● Understanding Scoping: Intent vs Requirement
● Risk based approach: How to apply Compensating Controls
● Compensating Controls Case Study Scenario and Discussion
Scope Reduction: Tokenization/Encryption
● Understanding Encryption applied to PCI DSS
● The Tokenization Concept
● Encryption/Tokenisation Case Study
● End to End (E2E) encryption
● Restricting access to cardholder data
● Unique User Ids
● Two-Factor Authentication
● User Authentication
● Restricting physical access to cardholder data
● Maintaining Information Security policies
● Employee Acceptable Use Policy
● Information Security Management Responsibilities
● Employee Education and Screening
● Service Provider Requirements
● Incident Response Planning
● Virtualization, tokenization, Cloud computing
● Logging Access to Cardholder Data
● Monitoring Access to Cardholder Data
● Vulnerability Scans and Penetration Testing
● IDS and FIM

7. PCI DSS Implementation Training Achievement
Upon successful completion of the course a Certificate of “PCIDSS Lead Implementer
Training” will be issued.
CPD-40
CEU-4.0
PCI DSS Implementation Training Duration- 05 days
PCI DSS Implementation Training Calendar [ Click here ]
Value added PCI DSS Implementation Training
Accelerate learning with the expert faculty Lead Auditors and Principal Trainers from
the Industry. PCI DSS Implementation Learning from the "SpecialistExpert" hasmany
advantages:-
● It will drastically change the way of thinking and basic approach towards the
Management System Standards.
● You would cherish & Benchmark our training for a very long time to come.
● No fictitious case studies you can not connect with.
● Real time examples, real time scenarios you can quickly relate to.
● Complete Focus on your systems, processes and line of businesses.
● 100% involvement and engagement of the participants
● Learn to make the ISO Standard sweat to:-
A). Improve the profits.
B). Reduce rework, defects, customer rejections, wastage,& cost of operation
C). Enhance customer delight
D). Reduce attrition of customers and employees
E). Enhance confidence of all stakeholders
PCI DSS Implementation