Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity for the processing, storage, and transmission of credit and debit card data is governed by the Payment Card Industry Data Security Standard (PCI DSS). Heavy emphasis is placed on the protection of payment card information wherever and whenever it is processed, stored, or transmitted, and on ensuring that members, merchants, and service providers maintain the highest CyberSecurity standards.

Meeting the twelve (12) requirements of this evolving standard can be a daunting challenge… and non-compliance can result in costly fines, loss of valuable retail customers, and continued vulnerability to serious payment card data attacks.

Highlights of the CyberSecurity controls necessary to satisfy PCI DSS requirements will be presented using a practical, commonsense methodology that emphasizes a top-down, structured implementation approach to day-to-day business operations.

Note: This course is an overview of PCI DSS. For a more intensive seminar aimed at those performing analysis of PCI DSS readiness or adequacy of compliance, see CyberSecurity and Audit of Payment Card Systems (CY30).

Learning Objectives

  • Gain familiarity with the current PCI DSS and recent significant changes
  • Obtain proven tips on how best to overcome compliance challenges
  • Examine a summary of the compliance requirements and cover practical solutions, potential risks, and common pitfalls

Course Outline

Overview of PCI DSS and Its Corollaries

  • PCI DSS Goals and Requirements
  • Changes in PCI DSS V3.2
  • Corollary Standards and Supportive Information
  • Overview of Payment Card Processing and Roles in the PCI DSS Process
  • Participating Organizations

Protecting Cardholder Data

  • PCI Data Protection Requirements
  • Retention of Cardholder Data
  • Card Authentication Data Storage
  • Magnetic Stripe Data Storage
  • Card Validation Data
  • Primary Account Number (PAN) Protection

Compliance Validation: Reports, Audits, and Assessment

  • Compliance Requirements
  • Certification and Validation
  • Reporting Criteria
  • Compensating Controls
  • Compliance and Change Management

Payment Card Data Breaches and Compliance Failures

  • Notable PCI Data Breaches
  • Incident Reporting
  • “Safe Harbor”
  • Common Vulnerabilities and Compliance Gaps

Payment Card Vulnerability Management

  • Risk Assessments
  • SSL/TLS Security Testing
  • Vulnerability Management and Testing
  • PCI DSS Security Testing Requirements: Wireless, Vulnerability, Penetration
  • Scanning Requirements
  • Dealing with Scanning Results

Wrap-Up Summary

Additional Information

Who Should Attend

  • Audit Management
  • IT Auditors
  • Information Security Managers and Analysts
  • Financial Auditors; Operational Auditors
  • Compliance Officers
  • Controls Professionals

Learning Level

Basic

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

How to Perform an IT General Controls Review or equivalent training. A basic management understanding of IT, Information Security, and Audit terminology and concepts is assumed.

Session Duration

Online: NA

On Site: 1 day

CPE Credits: 8