PCI DSS:
VISA, MASTER CARD AND AMERICAN EXPRESS SECURITY STANDARD CERTIFICATION

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
Version 3 (PCI DSS v3)

Introduction: PCI DSS, the result of the convergence of the respective security standards of Visa, Master Card, American Express and other payment brands, is here to stay. Moreover, Visa and Master Card are fining institutions that process, store or transmit payment data for lack of compliance. PCI DSS impacts all companies that process, store or transmit payment card information.

Any entity that processes Visa card data is required to comply with PCI DSS; this includes banks and companies. Measures taken against banks or companies that do not comply are confidential, but can include both fines and, in extreme situations, disconnection by Visa, Master Card and American Express.

This A-Z training on PCI DSS is based on the PCI Internal Security Assessor (ISA) methodology, and attendees are equipped with knowledge similar to that of an ISA. As a result, attendees are able to maintain and facilitate PCI DSS corporate implementation. It is a 3-day intensive training with an exam on the last day; attendees should have an ICT, audit/control or project management background.


Course Content: The training is rich in knowledge and techniques and includes:

·       Information Systems Security overview, modern security threats and attacks, technologies, techniques and best practices

·       PCI Security Council objectives and documentation

·       Specific terminology and its application to existing situations

·       How the Standard applies to everyone involved with cardholder information

·       How the implementation of the Standard is validated, dependent on levels of activity

·       Cardholder data that can/cannot be held

·       The relevance of different system components

·       Detailed requirements of the Standard

·       How compliance is assessed and whether compensating controls are acceptable

·       Compilation of the Report on Compliance (ROC)

·       Special considerations for hosting providers

·       An action plan to achieve compliance

Who Should Attend: The certification will be beneficial to:

·       Card issuers and processors

·       Top and middle management from the banking and financial system

·       Heads of Operations

·       Heads of Internal and External Audit

·       Compliance Managers

·       Compliance Officers

·       Head of IT & Security

·       Staff from Operations Department, Compliance Department, IT & Security Department, Internal and External Audit Department

Highlights: Participants will:

·       Understand the overview of Information Systems Security

·       Gain an understanding of the importance of the Standard to all organisations using, processing or transmitting credit card information

·       Gain an appreciation of the controls necessary to be able to continue dealing with cardholder data

·       Learn the history of the PCI DSS standard

·       Learn the key principles and requirements of the standard

·       Understand compliance with the standard: whom it applies to and at what level

·       Understand the route to compliance: self-assessment and audit

·       Be able to prepare an implementation plan

Facilitated by: NetHost Legislation (UK), PCI DSS Qualified Security Assessor Company

Instructors: Dr. Abiola Abimbola MPhil, MSc, PCI & PA QSA (See Instructor Profile)

Dr. Supakorn Kungpisdan C|CISO, CISA, IRCA ISO27001, ITIL-F, C|EI, E|CSA, C|EH, C|HFI, E|CES (See Instructor Profile)


Certification: On successful completion of the programme participants will be awarded an International Certificate issued by NetHost Legislation (UK) Ltd.

Method: Lecture and Certification Exam

Training Exam Structure

·       Open book

·       20 questions: multiple choice and essay

·       Duration: 1 hour 30 minutes

·       Certificates will be issued only for an exam grade over 69%

·       All certificates will be emailed

Training Fee: 49,500 baht/delegate

Date: 5-7 March 2014

Duration: 3 days (18 hours), 09:00 – 16:30

Language: English

Venue: Jasmine Executive Suites Hotel, Soi Sukhumvit 23, Klongtoey-Nua, Wattana, Bangkok. Tel. 02 204-5888, 204-5885 (See Map)

Course Description:

·       Introduction to Information Systems Security – overview, modern security threats and attacks, technologies, techniques and best practices

·       PCI Industry Overview – In-depth coverage of the payment card industry, the terminology used to describe its key aspects, the flow of data through the various payment card mechanisms and the relationships between the various actors in the process

·       What is PCI and what does it mean to companies that must comply with the DSS? – An overview of the payment card industry, the terminology used within the industry, the flow of transaction data through the various components that make up the payment card industry, and the relationships between the various organizations in the process

·       How the credit card brands differ in their validation and reporting requirements – Detailed coverage of the classifications and compliance requirements for merchants and service providers, and details of the various card brands' compliance programs

·       Roles and Responsibilities – Descriptions of the key actors in the compliance process, including high-level overviews of the Qualified Security Assessor (QSA), Internal Security Assessor (ISA), Payment Application Qualified Security Assessor (PA-QSA) and Approved Scanning Vendor (ASV) programs

·       PCI Data Security Standard (DSS) – An overview of the current DSS (version 2.0), the testing procedures for validating compliance, and what constitutes compliance with the requirements

·       PCI Hardware and Communications Infrastructure – Generalized overview of the types of devices used by organizations to accept payment cards and communicate with the verification and payment facilities

·       PCI Reporting – An overview of the different types of reports that must be submitted to the card brands or their designated agents to demonstrate compliance (or non-compliance) of the organizations filing the reports

·       Real-world examples – An overview of compliance issues and mitigation strategies, including defining compensating controls, creating policies and modifying the cardholder data environment

·       PCI Thresholds and Brand-Specific Requirements – Detailed coverage of the classifications and compliance requirements for merchants, service providers and vendors, and the specific requirements imposed by the various card brands

·       PCI Data Security Standard (DSS) – In-depth training on every aspect of the current DSS, including requirements, reasoning and what constitutes compliance with each requirement

·       PCI Code Review and Analysis – In-depth training on executing code reviews and locating non-PCI-compliant constructs and procedures in applications that implement payment card processing systems

·       PCI Hardware and Communications Infrastructure – In-depth training on the current state of typical devices and connectivity used by organizations to accept payment cards and communicate with the verification and payment facilities

·       PCI Reporting – In-depth training on constructing and filing the necessary compliance reports, and techniques for communicating results to those being audited

Registration: Kindly provide company name, address, Tax ID and names of delegates attending to the contact below. All invoices must be paid before 19 February 2014.


Contact Person: Jaratwan Laoharatchapruek

Mobile: 084-641-0275, 081-583-8805, Email: info@knowledgertraining.com