Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity for credit and debit card processing and storage is governed by the Payment Card Industry Data Security Standard (PCI DSS). The standard places heavy emphasis on protecting payment card information wherever and whenever it is processed, stored, or transmitted, and on ensuring that members, merchants, and service providers maintain high CyberSecurity standards. Meeting the twelve (12) requirements of this evolving standard can be a daunting challenge, and non-compliance can result in costly fines, loss of valuable retail customers, and continued exposure to serious payment card data attacks.

In this practical seminar, you will gain solid familiarity with the current PCI DSS and its recent significant changes, and receive proven tips on how best to overcome compliance challenges. You will examine a summary of the compliance requirements and cover practical solutions, potential risks, and common pitfalls. Highlights of the CyberSecurity controls needed to satisfy PCI DSS requirements are presented using a practical, common-sense methodology that emphasizes a top-down, structured implementation approach to day-to-day business operations.

Learning Objectives

  • Gain familiarity with the content, compliance requirements, and potential non-compliance risks associated with PCI DSS
  • Identify formal audit vs. self-assessment requirements
  • Evaluate the causes of CyberAttacks on stored and/or transmitted payment card data experienced by prominent merchants and service bureaus
  • Identify control areas within the standard that create the greatest compliance challenges
  • Identify tools and techniques useful in achieving cost-effective compliance

Course Outline

Overview of the PCI DSS and Related Standards

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Self-Assessment Questionnaires (SAQ)
  • Payment Application Data Security Standard (PA-DSS)
  • PIN Transaction Security (PTS)

Compliance Requirements and Strategies

  • Attestation of compliance requirements
  • Merchant and service provider attestation levels
  • Sorting out compliance roles and responsibilities
  • Mapping PCI DSS to other governance and security standards
  • Common vulnerabilities and other PCI DSS related security trends
  • Addressing compensating controls

Vulnerability Management and Testing

  • Benefits and limitations of Approved Scanning Vendor (ASV) scans
  • Vulnerability severity levels
  • False-positive resolution
  • Anti-virus/malicious software*
  • Vulnerability/threat alert tracking*
  • Patch management*
  • Network and host vulnerability scanning tools and techniques*
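The three bullets on ASV scans, severity levels, and false-positive resolution describe a concrete decision rule that the course outline only names. The PCI SSC ASV Program Guide maps CVSS base scores to High (7.0 and above), Medium (4.0 to 6.9), and Low (below 4.0), and an external scan is non-compliant if any finding scores 4.0 or higher, or falls into a category the guide treats as failing regardless of score (SQL injection and cross-site scripting are two such categories). A customer may dispute a finding as a false positive, but the ASV must review the evidence before the finding is excluded. The following Python is an added example written for this page, not course material and not an ASV's own tooling; the finding and dispute records are constructed, the `plugin_id` values and host names are placeholders, and `AUTO_FAIL_CATEGORIES` is an illustrative subset rather than the guide's full list.

```python
"""Triage external scan findings against the PCI DSS ASV pass/fail rule.

Constructed example for illustration; the findings below are sample data,
not results from any real scan.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# ASV Program Guide: any finding with CVSS base score >= 4.0 fails the scan
# unless it is remediated or accepted as a false positive/exception by the ASV.
ASV_FAIL_THRESHOLD = 4.0

# Finding categories the guide treats as failing regardless of score.
# Illustrative subset (assumption): the authoritative list is in the guide.
AUTO_FAIL_CATEGORIES: Set[str] = {
    "sql-injection",
    "xss",
    "backdoor",
    "unsupported-software",
}


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str      # scanner check identifier (placeholder values below)
    title: str
    cvss: float         # CVSS base score as reported by the scanner
    category: str = "other"


@dataclass(frozen=True)
class Dispute:
    """A customer's false-positive/exception claim for one finding on one host."""
    host: str
    plugin_id: str
    justification: str  # evidence the customer supplied
    asv_reviewed: bool = False  # the ASV, not the customer, closes the dispute


def severity_label(cvss: float) -> str:
    """Qualitative band used on ASV reports (from the ASV Program Guide)."""
    if cvss >= 7.0:
        return "High"
    if cvss >= ASV_FAIL_THRESHOLD:
        return "Medium"
    return "Low"


def accepted_exceptions(disputes: Iterable[Dispute]) -> Set[Tuple[str, str]]:
    """Only disputes with written justification that the ASV has reviewed count."""
    return {
        (d.host, d.plugin_id)
        for d in disputes
        if d.asv_reviewed and d.justification.strip()
    }


def failing_findings(findings: Iterable[Finding],
                     disputes: Iterable[Dispute] = ()) -> List[Finding]:
    """Return the findings that keep the scan non-compliant."""
    accepted = accepted_exceptions(disputes)
    failing = []
    for f in findings:
        if (f.host, f.plugin_id) in accepted:
            continue  # resolved as a false positive after ASV review
        if f.category in AUTO_FAIL_CATEGORIES or f.cvss >= ASV_FAIL_THRESHOLD:
            failing.append(f)
    return failing


def scan_passes(findings: Iterable[Finding],
                disputes: Iterable[Dispute] = ()) -> bool:
    return not failing_findings(findings, disputes)


# Constructed sample data (not real scan output).
SAMPLE_FINDINGS = [
    Finding("web1.example", "P-1001", "TLS 1.0 offered on port 443", 4.3),
    Finding("web1.example", "P-1002", "Reflected XSS in search parameter", 3.5, "xss"),
    Finding("web1.example", "P-1003", "HTTP TRACE method enabled", 2.6),
    Finding("db1.example", "P-1004", "Service banner reports outdated version", 5.0),
]

# The banner finding is a classic false positive (backported patch); the TLS one
# is disputed without ASV sign-off and therefore still counts.
SAMPLE_DISPUTES = [
    Dispute("db1.example", "P-1004", "Vendor backport; CVE fixed per changelog", asv_reviewed=True),
    Dispute("web1.example", "P-1001", "We think this is fine", asv_reviewed=False),
]

if __name__ == "__main__":
    for f in failing_findings(SAMPLE_FINDINGS, SAMPLE_DISPUTES):
        print(f"{f.host:14} {f.plugin_id} {severity_label(f.cvss):6} {f.title}")
    print("scan passes:", scan_passes(SAMPLE_FINDINGS, SAMPLE_DISPUTES))
```

Two points the sample data is built to show: a Low-rated XSS still fails the scan because of its category, not its score, and a dispute the customer filed but the ASV never reviewed changes nothing. A real triage also has to reconcile the same finding across quarterly rescans, which this example leaves out.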

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Architects
Compliance Officers
Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8