Cyber fraud and online crime are unfortunately continuing to rise significantly year after year. This has led to fresh challenges for those providing payment cards, such as credit cards and debit cards, to us all. PCI DSS (Payment Card Industry Data Security Standard) was created to address the information security needs of organisations that transmit, process or store payment card data. As a result of PCI DSS implementation, education of staff working on it has come to the fore, and a number of PCI DSS courses have been created specifically to meet this new training need.
In particular, information security professionals, often working in roles within the payments industry, need to be kept up to date with all the requirements of the current PCI DSS standards. Whilst these standards were originally created with the aim of reducing cardholder data and credit card fraud, PCI DSS is not actually a law. These are compliance standards that are both applied and directly enforced by the payment providers themselves, so the payment providers police them too. There are fines and other sanctions, including removal and revoking access, for non-compliance.
Students attending courses in PCI DSS will be educated to the level necessary to implement a PCI DSS compliant program within their workplace. The overarching aim of these standards is to force users into action, increasing information security wherever payment card data is used out in the field.
Training in PCI DSS is available at foundation, technical and commercial implementation levels, depending on individual students' requirements. There are also many real-world training modules offering a series of workshops that provide practical PCI DSS implementation knowledge to course students. Many of these standards pertain to WLAN configuration, passwords, wireless access, Wireless Intrusion Prevention Systems (WIPS) and activity logging within what are termed CDEs (Cardholder Data Environments).
There are courses at many levels relating to PCI DSS, from introductory foundation modules up to practical classes in its implementation and monitoring. Each student of information security will have different needs, so they must attend the courses that are best suited to them.
Let's next take a look at some of the course options available in PCI DSS.
1) PCI DSS Foundation level training
Foundation level courses in PCI DSS will provide an introduction to the Payment Card Industry Data Security Standard (PCI DSS). Practical guidance and real-world examples will be taught, providing students with a basic understanding of what this standard is all about.
It should be taught at the latest level of the standard, which at the time of writing is PCI DSS v3.2.
2) PCI DSS Implementation level training
An implementation level course will provide students with a practical and comprehensive knowledge of all aspects necessary to successfully implement a PCI DSS compliance programme into their organisation. Successful completion can lead to an industry-recognised PCI DSS Implementation (PCI IM) certification.
3) PCI DSS Self Assessment Questionnaires (SAQ) training
For those implementing PCI DSS compliance within their enterprise, Self-Assessment Questionnaires (SAQs) must be completed. This may sound like a simple form-filling exercise but it is not! Training in this usually takes place in short workshops on the subject. The original SAQ had 13 questions; for v3.0 versions of PCI DSS onwards, there are 139 probing questions that must be accurately answered to ensure full compliance! Furthermore, larger merchants with more than one payment system will need to submit more than one SAQ to satisfy new requirements, such as penetration testing.
In short, the following course content should be covered: