PCI Implementation Workshop [CPISI] PCI Version 3.2

Transcription

1 PCI Implementation Workshop [CPISI] PCI Version 3.2 SISA, a Global Payment Security Specialist company and a certification body recognized PCI Security Standards Council (PCI SSC). With a large pool of PCI QSA, PCI PFI, PCI ASV, PA QSA and P2PE specialists, SISA conducts the following trainings:- a. PCI Awareness Session (1 Day) b. CPISI A hands-on PCI DSS Implementation Workshop (2 Days) c. CPISI-D A hands-on Payment Security Implementation Workshop for Developers (2 Days) d. CISRA-Formal Risk Assessment Workshop based on OCTAVE, NIST and ISO (2 Days) CPISI has over 5,000 certified professionals across the globe delivered through: Public workshops In-house workshops Virtual workshops [using gototraining]

2 CPISI Mumbai Workshop PCI Implementation Workshop v3.2, Mumbai Date July 15, 2016 to July 16, 2016 Timing am 05.00pm (Both Days) Certification CPISI Venue Hilton International, Sahar Airport Rd Andheri East, Mumbai, CPE 14 HRS. Fees INR 22,499+S.T. Fees Includes 2 days of training, Examination, Certification, Courseware, Refreshments at the venue Details

3 CPISI Workshop Workshop Title: Payment Security Implementation Workshop (CPISI Certification) PCI DSS Version 3.2 Objective The objective of this workshop is to give the participants necessary knowledge for implementing PCI DSS (latest version 3.2) requirements in an organization. The workshop with case studies will cover the intent of each requirement and will give practical examples on how to implement the same in different environments. Course Content The course is highly participative and follows a tried and tested format with alternates of lecture sessions and case study exercises in breakout groups. The content of the course are: PCI-DSS Background and consequences of non-compliance Scoping and Overview of 12 Requirements Relationship between PCI and PA-DSS, P2PE, PCI PTS and PCI PIN. PCI compliance for e-commerce, virtualization and mobile payment acceptance Case Study with detailed discussion on each requirement Closing Discussion ( Experiences, Information sharing, Q & A) CPISI Certification Test- Online (Links for the examination will be given after the workshop and participants needs to attend the test in limited time period. On successful completion-60% as the passing score; participants will be awarded with CPISI certificates.) Each topic is presented and is followed by exercises to ensure that the participants fully understood the intent of the requirements and to consolidate the key points. Duration 2 (Two) Days. A detailed agenda for the training program will be issued before commencement. Courseware Each participant will be given complete courseware for the workshop. And 14 hrs. of CPE credits.

4 CPISI - Agenda Time Particulars Duration Day 1: 9:00 am 10:15 am Introduction to Payment Ecosystem Basic Concepts, Background and Recent Events, PCI Security Standards Council 1 hour 15 minutes 10:15 am 10:30 am Break 15 minutes 10:30 am 12:30 pm Route to Compliance 2 hours Compliance Validation, Requirements and Process, PCI DSS, PA DSS and PCI Risk Assessment Overview, Finding PAN and Track Data 12:30 pm 1:30 pm Lunch 1 hour 1:30 pm 3:15 pm PCI DSS Risk Assessment and Scoping 1hour 45 minutes 3:15 pm 3:30 pm Break 15 minutes 3:30 pm 5:00 pm Build and maintain a Secure Network, Installing and Maintaining a Firewall Configuration, Network Segmentation, Secure Device Configurations 1 hour 30 minutes Time Particulars Duration Day 2: 9:00 am 10:15 am Protect Stored Cardholder Data, Encrypt Transmission of Cardholder Data across open, public network 1 hour 15 minutes 10:15 am 10:30 am Break 15 minutes 10:30 am 12:30 pm Secure Payment Application Development 2 hours Payment industry accepted access control practices Restrict physical access to cardholder data 12:30 pm 1:30 pm Lunch 1 hour 1:30 pm 3:15 pm Logging in PCI requirement 10, Tools for Logging in PCI, Auditing network and data access, SIEM and Log Management Testing your monitoring systems and processes, Maintain information security policy, Policies and procedures, Whose responsibility is it?, Incident response, Mobile, Tokenization, Virtualization and Cloud and their impact on Payment Security 1 hour 45 minutes 3:15 pm 3:30 pm Break 15 minutes 3:30 pm- 4:30 pm Group Activity & Exercise 1 hour 4:30 pm - 5:00 pm Closing Discussion 30 minutes

5 CPISI - Benefits CPISI is a 2 days hands-on workshop aimed primarily at enabling participants to get hands on knowledge on how to implement PCI Standards effectively in your organization. Guidance from SISA s PCI QSA which have conducted more than 500 PCI engagements and trainings. You will gain a clear understanding of the various requirements of the Payment Card Industry Standards, and learn the intent behind each of its requirements. The workshop is intended to provide practical solutions that have been used to adhere to the PCI requirements in a cost effective and sustainable manner. If your organization is already PCI compliant, this PCI implementation workshop will help you learn how to maintain your PCI compliant status effectively and resulting in a secure PCI environment. CPISI Certified professionals provide the enterprise with a certification for payment assurance that is recognized by multinational clients; lending credibility to the enterprise. CPISI Certified professionals Demonstrate competence in payment security domains, including standards and industry best practices for payment assurance. Please Note: Certified Payment-Card Industry Security Implementer (CPISI) is an independent payments industry certification offered by SISA for payment security professionals, relating to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is managed and developed by the PCI Security Standards Council (PCI SSC), which provides its own PCI DSS training and certification programs. SISA is not affiliated with or endorsed by PCI SSC. For more information about PCI SSC and the PCI DSS see

6 Trainer s Profile Dharshan Shanthamurthy CISA, CISSP, CEH, FCA, ISA, PCI-QSA, PA QSA, P2PE QSA, OCTAVE Authorized Trainer/Advisor, ISO Implementer, MSP Dharshan Shanthamurthy is an information security professional with over 20 years of experience in payment security. He holds number of security certifications. He was trained at CERT Coordination center, Software Engineering Institute on OCTAVE risk assessment methodology and was certified as OCTAVE Authorized Trainer/Adviser for Carnegie Mellon University. He was amongst the first PCI QSA of the PCI Standards Council. He is closely associated with the Payment Card Industry, and has a host of achievements to his name. He is also the first PCI QSA to have conducted PCI-DSS workshops which was attended by delegates from all the business verticals, including representatives from payment brands such as VISA and MasterCard. He has successfully conducted assessments for PCI Compliance Program at leading payment gateways, merchants, banks, third party processors, IT companies around the world. He is also the lead proposer and contributor of PCI DSS risk assessment guidance document which is now an official document referred under Requirement 12.2 of the PCI DSS Standard. Being the first PCI QSA, he is the one of the most sought after speaker on payment security. Payment Card Industry Community Meeting - North America, Middle East, Europe and Asia Pacific Speaker in ISACA San Francisco, ISACA Silicon Valley, OWASP Cincinatti, etc. Speaker in ASSOCHAM conference on Payment Card Security. ISACA Global Information Security Conference in Las Vegas, USA Co-Author of Information Security in Banks for CeBIT (Centre for Banking and Technology) Payment Card Industry-Data Security Seminar conducted Government of Sabah, Malaysia SEI Conferences, CeBIT, VISA and MasterCard global security conferences

7 About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment Application Security Assessor (PA QSA) Point to Point Encryption Qualified Security Assessor (P2PE QSA) VISA Approved Security Assessor (PCI PIN) PCI Approved Scanning Vendor (PCI ASV) Securing payments for over 1,000 organizations in over 32 Countries SISA CPISI Certification has over 5,000 professionals and is the one of the most coveted certifications for payment security professionals in the marketplace. SISA has conducted more than 300 workshops in 15 countries.

8 SISA Training Clientele Amadeus VISA MasterCard American Express Accenture Marriott Wells Fargo IBM Dell Microsoft Air Liquide Woodforest National Bank Milesbreed Technologies Kyawa Communications AT&T Microland Limited Target Corporation HP Ericsson Fidelity Tesco JP Morgan Chase Sapient Xerox EY PwC Deloitte Grant Thornton KPMG Thomson Reuters igate Mphasis JDA Sony Goldman Sachs CA Technology Allianz CSC CGI Tieto Paypal First Advantage 24-7 Inc. Polaris Qualys Siemens Target RHB Bank Welcome RT MEPS Xchanging Citi Bank Marina Bay Sands And many more

9 Few of SISA s CPISI Workshops

10 Thank You! Reach us at