This course aims to assist organizations that store, process, communicate or otherwise handle credit or debit card data, whether they are merchants or service providers, to understand the requirements of the PCI DSS v4.0 and how the Standard applies to them.
It is vital to protect payment card data in order to prevent fraudulent transactions and misuse. This course will guide you through the use of the PCI DSS v4.0, which has been designed to ensure the appropriate protection of payment card data. PCI DSS is an information security standard for organizations that handle card data associated with the major card brands Visa, MasterCard, American Express, Discover, UnionPay and JCB. Compliance with the Standard is mandatory for all organizations involved in storing, communicating or otherwise handling debit and credit card data.
This course will help you understand the structure of the PCI DSS v4.0 and what is involved in meeting the 12 high-level requirements, with a focus on those requirements which can be particularly challenging. It provides practical guidance on ways to reduce the scope of the Standard, making sure you apply the appropriate levels of security that fulfil compliance requirements, which can often reduce costs. You’ll also learn what the Standard’s reporting requirements are and whether reporting needs to be done through a qualified security assessor (QSA) or through one of numerous self-assessment questionnaires (SAQs).
How will I benefit?
This course will help you:
- Understand how compliance with the PCI DSS v4.0 will reduce the risk of a security breach
- Understand the requirements of PCI DSS v4.0 and how to address the 12 requirements
- Understand the different levels of reporting requirements for both merchants and service providers, to help you to report appropriately
- Understand the importance of reducing the scope of PCI DSS assessments
- Understand how workload and costs can be reduced through effective segmentation
- Demonstrate to customers and other stakeholders that you take the security of payment card data seriously
- Understand how PCI DSS can be used to enhance the control set from ISO/IEC 27002
Who is this course for?
Anyone who:
- Has an interest in protecting payment card data and wants to learn how PCI DSS v4.0 can assist
- Wants to understand the main requirements of the Standard
- Wishes to understand what the benefits and challenges are of complying with the PCI DSS
- Wants to understand how to reduce the scope of their PCI DSS assessment
- Wants to update their knowledge of the PCI DSS to v4.0
The course is applicable to representatives from any size or type of organization who are planning to or currently store, communicate, process or otherwise handle debit and / or credit card information. The course is equally applicable to any service providers that could impact the security of cardholder data in other organizations.
What will I learn?
- Explain the purpose of the standard
- Appreciate the rules for protecting cardholder data
- Identify where the standard is applicable
- Appreciate how to reduce the scope of an assessment
- Interpret each of the 12 high-level requirements correctly
- Recognize the different validation options
What is included?
Upon successful completion of your course, you’ll receive an internationally recognized BSI certificate.
Prerequisites
You are expected to have the following prior knowledge:
There are no mandatory prerequisites for attending this course, although it may be beneficial to consider how your organization is involved with the processing of debit and credit card information and through what mediums.
A basic knowledge of IT security methodologies, such as firewalling, access controls and encryption would be useful.