In place of our regular classroom-based training, we are offering our PCI DSS Training courses online, in a condensed one-day course. A limited number of complimentary places are available to 2|SEC Consulting clients.
Why train with us?
- Learn from real-life QSAs and Security Consultants
- Experienced trainers, having run hundreds of courses worldwide
- We allow plenty of time for case studies and questions about how they may apply to your organisation
- Learn how other companies in your sector are approaching PCI DSS
- Help prepare for PCIP and QSA exams
- Certificate of Attendance and 7 Continuing Professional Education (CPE) credits
Course pre-requisites:
- Experience of server, network and application security
- ISO 27001 Lead Auditor/Implementer, CISSP/SSCP or CompTIA Security+ certifications are recommended. PCI DSS is a technical standard and this is a technical course
- A laptop or PC with BrightTALK installed (register for a free account here – https://www.brighttalk.com)
Previous delegates have been:
- PCI DSS Project/Programme Managers
- PCI DSS Consultants
- Infosec Managers
- IT Managers
- IT Security Analysts
- Security Architects
Agenda
We will cover syllabus areas as follows, using plenty of real-life, practical examples, broken down into 6x 1-hour sessions throughout the day:
Session 1 – Introduction: 9am – 10am
- The Art of Information Security
- Security Breaches as Compliance Drivers
- PCI DSS Evolution and Timeline Compliance Propagation & Data Flow
- PCI DSS & Related Standards – Differences, Applicability
- Card Scheme Compliance Programs
- Roles, Responsibilities, Enforcement
- Visa TIP Program – Risk Based Approach for Merchants
- Prioritised Approach
Session 2 – Scoping: 10am – 11am
- Self Assessment Questionnaire Types
- Report on Compliance (RoC)
- Attestation of Compliance (AoC)
- Prohibited Data
- Requirement Zero
- Applicability, scoping and sampling
Session 3 – PCI DSS Parts 1-3: 11am -12.15pm
- PCI DSS Section 1 – Install and maintain a firewall configuration to protect cardholder data
- PCI DSS Section 2 – Do not use vendor-supplied defaults for system passwords and other security parameters
- PCI DSS Section 3 – Protect stored cardholder data
Break – 12:15 – 13:00
Session 4 – PCI DSS Parts 4-6: 1pm-2pm
- PCI DSS Section 4 – Encrypt transmission of cardholder data across open, public networks.
- PCI DSS Section 5 – Use and regularly update anti-virus software Workshop
- PCI DSS Section 6 – Develop and maintain secure systems and applications
Session 5 – PCI DSS Parts 7-9: 2pm – 3pm
- PCI DSS Section 7 – Restrict access to cardholder data by business need-to-know
- PCI DSS Section 8 – Assign a unique ID to each person with computer access
- PCI DSS Section 9 – Restrict physical access to cardholder data
Session 6 – PCI DSS Parts 10-12: 3pm – 4pm
- PCI DSS Section 10 – Track and monitor all access to network resources and CHD
- PCI DSS Section 11 – Regularly test security systems and processes
- PCI DSS Section 12 – Maintain a policy that addresses information security
- Appendix requirements for Service Providers
- Compensating controls
Session 7 – Case Studies, Q&A: 4pm – 5.30pm
- We welcome the opportunity to discuss any anonymised scenarios you would like to present to us. Remember there will be other companies on the course too.
Your Trainer – Parminder Lall, QSA, CISA, ISO 27001 Lead Auditor
The course is led by Parminder Lall, an experienced Lead QSA and Security Consultant, who has plenty of real-world experience in both auditing and advising Merchants, Service Providers and Banks globally.
As Director of Cyber Security for 2|SEC Consulting, he heads up the PCI DSS / QSA team here at 2|SEC Consulting. His prior roles included Head of Cyber Security Consultancy at Six Degrees, and full-time Lead PCI DSS Consulting roles at British Airways and T-Mobile.
Parminder is well regarded in the security industry, has a vast network of security professionals and is renowned for his thought leadership. Having been chair of the UK Merchants PCI working group, Parminder understands the challenges of many different sectors in the security industry.
Price – £375 per delegate