Facebook Twitter Linked In
Panacea InfoSec

Implementing of payment system standards is a hands-on training course designed to help delegates understand the requirements of the Payment System Standards and develop the competences needed to implement an effective Payment system standards compliance programme. Through the hands-on exercises, delegates will work on developing an compliance programme, beginning by performing a gap-analysis of the current security posture and defining a clear and optimized scope. The course also addresses the use of tools to identify card details in order to more accurately scope a given environments and to ensure that machines containing card details have been identified and removed from systems prior to decommissioning. Finally, delegates are given an opportunity to reflect on a number of practical issues in meeting the requirements of payment Industry, and learn common mistakes to avoid and effective ways of going from a noncompliant state to a compliant one.

Why Panacea Infosec ?

"Our trainers are security consultants with many years of experience,
highly dedicated to teach and share their knowledge."

"This Course is about acquiring practical skills and competence - not just theory."

"We focus on competence and understanding through hands-on exercises"


Ajay Kaushik CEO,
Panacea InfoSec

Who Should Attend

This course is ideally suited for:

“The class will benefit anyone who wants to gain practical knowledge in the domain of implementing and reviewing implementations of the Payment Security Standard”


Prerequisites

The course is “hands-on”, focused on both understanding and attaining payment Industry compliance. It is aimed at those individuals who already have a degree of understanding of banking and how credit card payments are processed. The course is not highly technical, but a basic understanding of general computing is necessary to get the most out of the course. Although not essential, any existing exposure to general Information Security principles will be beneficial.
Duration: 5 days

About the course

IPD is a hands-on course developed around a set of real-life case studies used to simulate real PCI DSS compliance activities on cardholders environments. Specifically, the course will address the following scenarios:

Course Breakdown

Module 1: What is PCI DSS?

1.1: What the PCI DSS Standard is
1.2: How PCI DSS Originated
1.3: Organisational PCI DSS Classification
1.4: How PCI Applies to Different Categories of Organisation
1.5: Enforcement and Compliance Channels
1.6: Overview of Related Standards (PA-DSS, PCI PTS/PCI PED)

Module 2: The Standard Itself

2.1: How the Standard is Structured
2.2: The 12 Requirements of PCI DSS
2.3: Associated Documentation

Module 3: Prioritised Approach

3.1: What is the Prioritised Approach?
3.2: Usage of the Prioritized Approach to Minimize Risk and Aid Compliance
3.3: “Safe Harbour” and Enforcement Implications of Prioritized Approach

Module 4: IT Controls and Requirements

4.1: Overview of IT-Related Controls of the Standard
4.2: How to Assess your IT Security Status
4.3: Recommended IT and Finance Department Interaction models
4.4: Compiler Back End
4.5: Detecting Compilers

Module 5: Supporting Documentation

5.1: Classification of other SSC-issued Guidance Types
5.2: How to use the Related Documents
5.3: Primacy and Hierarchy of PCI Literature

Module 6: Defining the Scope of your Environment

6.1: Scope’s Relationship with Assessment and Attestation of Compliance
6.2: Consequences of Poor Scoping
6.3: Methods that can be used to achieve a more accurate Scope
6.4: Means of minimising Scope
6.5: De-scoping Systems that can be decommissioned

Module 7: PCI Policy and Documentation Requirements

7.1: Policy Overview
7.2: Incorporating PCI into existing Information Security
7.3: PCI DSS Requirement 12 detailed review
7.4: Incident Response
7.5: End user Messaging

Module 8: Planning a Compliance Programme

8.1: Project Planning Requirements
8.2: Timeframes and Compliance Life-Cycle activities
8.3: Ensuring ongoing Compliance

Module 9: PCI DSS Certification

9.1: PCI DSS Certification Process
9.2: QSAs and ASVs
9.3: Pre-certification checks

Contact us