PCI DSS Training Courses

Our 2 day Advanced PCI DSS Training Course targets security professionals with business or technical background responsibilities for managing the project aspect of a compliance program or the implementation of the technical elements contained within the PCI DSS (and related standards such as PA DSS and PTS). The course’s Training Manual was developed upon the Visa PCI DSS manual which served as the basis for the QSA (Qualified Security Assessor) Training Course Material developed by the PCI SSC and fully covers all topics included on the QSA and ISA certification exams.

“Presenters very knowledgeable and experienced, were able to provide real world experience” – The Royal Bank of Scotland

The aim of the 2-sec course is to bridge the gap between formal PCI SSC training and the real world, with focus on practical, hands-on exercises and case studies that delegates can take away and use in their day-to-day roles.

The course encompasses both business and technical aspects of PCI DSS, aiming to provide a solid foundation upon which further skills can be developed.

We welcomed delegates from NTT Europe, The Royal Bank of Scotland and The MoBank Group at our last course, with excellent feedback, including “Excellent overall coverage”, “Excellent general overview”, “Loved the course!”.  All delegates said it was relevant to their day to day jobs and would recommend the course to others.


Our next course is being held in London on June 21st and June 22nd 2012 – taking bookings now – earlybird price £850 per delegate up to May 25 2012!  Please contact training@2-sec.com or purchase your place online.

What the course covers

The PCI Industry
What is PCI and its applicability to industry players that must meet compliance with the DSS. Brief overview of the industry, the terminology, the flow of transaction data through the various stakeholders, and the relationships between the various stakeholders. Deep dive into compliance drivers – breaches resulting in data compromise leading to fraud.

Card Brands, Validation, Reporting
Detailed coverage of the classifications and compliance requirements for issuers, acquirers, merchants and service providers and details about the various card brands’ compliance programs.

Roles and Responsibilities
Descriptions of the key actors in the compliance process including high-level overviews of the Security Standards Council (SSC), Qualified Security Assessor (QSA), Internal Security Assessor (ISA), Payment Application Qualified Security Assessor (PA-QSA), Pin Transaction Security (PTS), Point to Point Encryption (PTPE) and Approved Scanning Vendor (ASV) programs.

Applicability, Scoping & Segmentation
Understanding the applicability of rules, “store, process, transmit” as well as exceptions is critical. Defining current scope, determining optimal scope, scope reduction techniques including adequate segmentation are key cost & time savers.

 

Understanding Card Data & Handling Sensitive Elements
Understand cardholder data and how its elements are used, what conditions prohibit storage as well as protective measures warranting retention.

Emerging and Established Technologies for Securing Card Data
How to successfully implement new technologies or apply existing ones innovatively to protect and secure cardholder data. Cloud computing, virtualisation, tokenisation and point to point encryption come with a handful of benefits, but present their own set of challenges, which if misunderstood can weaken the security of data or cause budget overruns.

Technical Deep Dive
An overview of the testing procedures for validating compliance and what constitutes compliance with the requirements.

For a detailed schedule, sample slides and references, please contact training@2-sec.com and we would be very happy to discuss your requirement.


Martin Petrov – PCI DSS Trainer, Consultant, Subject Matter Expert
Martin Petrov is an experienced information systems audit and security professional who is a Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA) and a former Qualified Security Assessor (QSA). Martin has worked as an Information Security Consultant on various enterprise scale projects for customers such as government agencies, ministries, banks, international corporations, blue chip service providers as well as a number of small and middle sized companies. Martin has over 10 years' experience within the information security arena, of which 5 years as a full time PCI DSS auditor, having executed over 75 compliance audits for a significant number of European processors, acquiring banks, payment service providers and large merchants. As a subject matter expert Martin has led over 15 PCI DSS training seminars for Visa International and Visa Europe across the EMEA region.

Tim Holman – QSA and PA-QSA, ISSA Senior Member
Tim brings vast experience of working with PCI DSS over the past 6 years in Europe and has helped hundreds of Merchants, Service Providers and Banks attain PCI DSS Compliance in his capacity as QSA and PA-QSA. His focus is very much hands on, using real life case studies and teaching you to work with what the PCI SSC provide, rather than obscure sets of course notes you would probably never read again. Tim is also President of the ISSA-UK, a 1,700 strong membership association of security professionals, and is well known on the speaking circuit, featuring sessions at RSA Europe 2011 and Infosec Europe 2011. His PCI DSS training style is best described as lively and invigorating, well paced and he has delivered training courses as far as Kuala Lumpur to the East and Seattle to the West! He is familiar with a wide range of educational cultures and training techniques and focuses on each of his class delegates as individuals.

Location and Pricing

Our PCI DSS Training Courses are held at the:

Oasis Centre
75 Westminster Bridge Road
London
SE1 7HS

The closest underground station is Lambeth North, or a short walk from main line Waterloo.  The training course is priced at £950+VAT (early bird discounts apply).  Content, training facilities and the trainers subject to change.  A continental breakfast and lunch will be provided, with networking opportunities each evening.