Contact: mail office@ceib.rs / mobile +381 65 940 2010
Zlatibor - hotel Mona
08 December 2017. Price: 200 EUR per participant. Accommodation: 70 EUR FB. *VAT is not included in the price.
Introduction
The Payment Card Industry Data Security Standard’s requirements are practices performed by many, but mastered by surprisingly few. And yet, the payoff from achieving excellence in these areas is large. This course addresses in detail the specific requirements of the PCI DSS standard in terms of the open questions revealed by implementation practice, and answers them with effective requirement specifications and recommendations.
PCI DSS in Essence is a practical, hands-on, one-day interactive program involving guidelines, roadmaps, examples, exercises, case studies and discussions. This training program has been developed to transfer skills and expertise to those involved in maintaining various parts of security in corporate networks, viewed through the prism of the PCI DSS requirements.
Who Should Attend This Course? / Audience
The “PCI DSS in Essence” training course is designed for IT/IS Professionals, Security Officers, IT/IS Managers, who, in any capacity, deal with the PCI DSS requirements and tasks related to it.
Training Methods and Course Materials
For each course attended, you will be provided with:
- comprehensive course specifications, writing guidelines and notes;
- workshop model solutions;
- checklists, forms and charts which you can use immediately in your projects;
- a CD-ROM with extensive documents and resources;
- information regarding access to web resources, etc.;
- post-course access to the presenter via phone and email for up to 3 months after the completion of the course.
PCI DSS Overview
What is PCI compliance?
- What is PCI validation?
- What is required to become PCI compliant?
- Security Standards Myths
- Multi-factor authentication required in and out of the CDE - Security Beyond Passwords
- Clarifying masking criteria
- Change management process
- Service Provider Written Agreement
- New penetration testing requirements
- Cryptographic architecture requirements
- Establish a PCI DSS program
- Quarterly personnel reviews
- Timely detection and reporting
Is Your Business Prepared for the Physical Security Threat?
- Recognize Social Engineering Techniques
- Social Engineering Training: What Your Employees Should Know
- Ways to Social Engineer a Financial Institution
- Social Engineering Examples
- Fighting Phishing Email Scams
Getting compliant and PCI DSS Compliance Trends
- Pen-testing vs. Vulnerability Scanning: What’s the Difference?
- Vulnerability Scanners: What, Why, and How to Comply
Spotting Vulnerabilities – Is Vulnerability Scanning Antiquated?
- 10 Qualities to Look For When Selecting an Approved Scanning Vendor
How to Prepare for a PCI DSS Audit
- Reduce PCI DSS Scope
- PCI DSS Risk Assessment Guidelines
- Implement Data Security Best Practices
- Role Based Access Control
- Typical Anti-Virus for True PCI Requirement 5 Compliance
- Firewalls, IPSs, SIEMs: Things You Should Know
- PCI Council Security Awareness Guidance
- Internal Regulations and Records
- Which PCI SAQ is Right for My Business?
- PCI Compliance Scanning Requirements
- How Much Does a Pen-test Cost?
- Understanding the PCI DSS Prioritized Approach
- Exam Exercise
About the Presenter
Darko has 4 years’ experience as an IT Systems Engineer and 6 years of hands-on experience in the field of Information Security. Besides the CISO’s operations and governance in the Bank, he is currently responsible for PCI DSS implementation and maintenance in the Bank’s Card-Holder Data Environment.
Darko holds a Master of Science degree, with a Master’s thesis in the field of Industrial Information Security (SCADA environment). His professional background includes several certifications in the field of information security, such as Certified Ethical Hacker, Certified ISO 27001:2013 Lead Auditor, BIA Implementer, etc.
His resume includes several publications:
- Assessing Industrial Networks,
- Hacking Techniques performed in Industrial Environment,
- Compensation controls as an alternative method for PAN numbers encryption in MS SQL Database (PCI DSS 3.0 Chapter 3.4),
- Attacking IT-Defense Devices,
- Implementation of „SSL for ADO.Net“ for Encryption of the Data In Transit in the Corporate Network (PCI DSS 3.1 Chapters 2.3, 4.1