PCI DSS in Essence

Language: English

Security and Insurance
Introduction

The Payment Card Industry Data Security Standard’s requirements are practices performed by many, but mastered by surprisingly few. And yet, the payoff from achieving excellence in these areas is large. This course addresses in detail the specific requirements of the PCI DSS standard through the open questions that arise in implementation practice, and answers them with effective requirement specifications and recommendations.



PCI DSS in Essence is a practical, hands-on, two-day interactive program involving guidelines, roadmaps, examples, exercises, case studies and discussions. This training program has been developed to transfer skills and expertise to those involved in maintaining various aspects of security in corporate networks, viewed through the prism of the PCI DSS requirements.

Who Should Attend This Course? / Audience



The “PCI DSS in Essence” training course is designed for IT/IS Professionals, Security Officers and IT/IS Managers who, in any capacity, deal with the PCI DSS requirements and the tasks related to them.



Training Methods and Course Materials

For each course attended, you will be provided with:

- comprehensive course specifications, writing guidelines and notes;

- workshop model solutions;

- checklists, forms and charts which you can use immediately in your projects;

- a CD-ROM with extensive documents and resources;

- information regarding access to web resources, etc.;

- post-course access to the presenter via phone and email for up to 3 months after the completion of the course.



PCI DSS Overview

- What is PCI compliance?

- What is PCI validation?

What is required to become PCI compliant?

Security Standards Myths

- PCI DSS development and changes in its latest version (3.2): What Your Business Needs to Know, What’s New?

Multi-factor authentication required in and out of the CDE - Security Beyond Passwords

Clarifying masking criteria

Change management process

Service Provider Written Agreement

New penetration testing requirements

Cryptographic architecture requirements

Establish a PCI DSS program

Quarterly personnel reviews

Timely detection and reporting

- Is Your Business Prepared for the Physical Security Threat?

Recognize Social Engineering Techniques

Social Engineering Training: What Your Employees Should Know

Ways to Social Engineer in a Financial Institution

Social Engineering Examples

Fighting Phishing Email Scams

- Getting compliant and PCI DSS Compliance Trends

Pen-testing vs Vulnerability Scanning: What’s the Difference?

Vulnerability Scanners: What, Why, and How to Comply

- Spotting Vulnerabilities – Is Vulnerability Scanning Antiquated?

10 Qualities to Look For When Selecting an Approved Scanning Vendor



About the Presenter

The presenter has 4 years’ experience as an IT Systems Engineer and 6 years’ hands-on experience in the field of Information Security. Besides the CISO’s operations and governance in the Bank, he is currently also responsible for PCI DSS implementation and maintenance in the Bank’s Card-Holder-Data-Environment.

Darko holds a Master of Science degree, with a Master’s thesis in the field of Industrial Information Security (SCADA Environment). His professional background is complemented by several certifications in the field of information security, such as Certified Ethical Hacker, Certified ISO27001:2013 Lead Auditor, BIA Implementer, etc.

His resume includes several publications:

- Assessing Industrial Networks,

- Hacking Techniques performed in Industrial Environment,

- Compensation controls as an alternative method for PAN numbers encryption in MS SQL Database (PCI DSS 3.0 Chapter 3.4),

- Attacking IT-Defense Devices,

- Implementation of „SSL for ADO.Net“ for Encryption of the Data In Transit in the Corporate Network (PCI DSS 3.1 Chapters 2.3, 4.1

Prices

Price: 150 EUR.
Early bird discount: until 30th July - 15%

Source: ceib.rs