by Kelly Handerhan

PCI/DSS

 

This series covers the framework governing the self-regulated payment processing industry. Compliance with these standards is critical. Learn the 12 elements of the framework and how they pertain to risk management in relation to cardholder data.

Time: 1:16 hours
CEU/CPE: 1 hour
Difficulty: Beginner
Course Description

About the PCI/DSS Training Class

Payment Card Industry Data Security Standards

You probably don’t need to be sold on the importance of securing financial information, particularly credit card information. There have been several high-profile breaches of credit card data in recent years, the most prominent being the theft of more than 40 million card numbers belonging to Target’s customers. The payment card industry is self-regulated, and as such the burden of defining and enforcing data security standards falls upon its members. The data security guidelines for the payment card industry are governed by the Payment Card Industry Data Security Standards, or PCI DSS.

The topics covered in this series of training videos revolve around the essential elements of PCI DSS. These are basically the why, what, how, and who and consist of 12 essential requirements or elements. Securing cardholder data requires strong enforcement and begins at the top of the organization. This requires buy-in by senior management in order to have any hope of succeeding.

We’ll examine the various sources and types of attacks targeting cardholder data along with the policies and procedures used to thwart them. Attacks can originate either internally or externally and can be either intentional (malicious) or unintentional. Many internal threats posed by employees are unintentional, such as lost laptops or falling victim to scams and phishing exploits.

Securing cardholder data falls under the umbrella of risk management, which consists of risk assessment, risk analysis, and risk mitigation. These methods are part and parcel of the 12 elements of the PCI DSS framework and are discussed in detail in the last two videos of this series. In essence, these elements are basic, common sense best practices of network security and secure data handling.

One of the fundamental requirements of the PCI DSS framework is to build and maintain a secure network. This consists of utilizing firewalls, routers, and other devices to protect the network and its resources, such as cardholder data. And it’s not sufficient to simply deploy these devices directly out of the box, as easy and tempting as that may seem. Default settings on these devices must be reconfigured to something much more secure.

Best practices for securing data both at rest and in transit must be followed. The rules of data security that follow the IAAA principles of identification, authentication, authorization, and access control must also be followed. This leads to maintaining an audit trail of data access and controlling who (the subject) has access to what resources (the objects) and what they are permitted to do with them once they have acquired access.

An organization is only as secure as its weakest links and in most situations these links are software and people. This requires instituting secure development standards and enforcing best practices for coding. The education of employees regarding proper data handling procedures as well as ensuring that they are cognizant of the social engineering threats aimed at them is critical.

Finally, all of these standards, internal policies, and procedures must be monitored on an ongoing basis to ensure that vulnerabilities and risks are identified and then mitigated. The bad guys don’t rest, and it’s essential that organizations remain ever vigilant in such a hostile environment. The costs are too high, both financially and in terms of lost trust and reputation, to ever become complacent.

Related End User Compliance and Awareness Training on Cybrary
You may also benefit from the Security Awareness course and the HIPAA training course.

 

PCI/DSS PowerPoint notes & PDF version

How do I earn my Certificate of Completion?

1. Complete PCI/DSS on Cybrary

2. Earn 25 Cybytes by logging in, completing lessons and sharing courses and other content

3. Use your Cybytes to earn your Cybrary verified Certificate of Completion

Have questions? Visit our FAQ page to learn more.

Cybrary's Award Winning Cyber Security Training offers innovative Cyber Security Skill Certifications

The PCI/DSS training will prepare you to master these job-ready skills and earn Skill Certifications to prove your knowledge and jumpstart your career.

Payment Card Industry Data Security Standard PCI/DSS
