Due to its inherent complexity and requirements that are open to interpretation, understanding PCI compliance and your responsibilities under it is a full-time job. Provisions for reporting compliance vary from card brand to card brand and from bank to bank. Worse, your audit results may vary from year to year if you have recently switched assessors. Understanding PCI, your obligations, and how to fulfil them is critical to the payment ecosystem in your company.
Available Courses Include:
Introduction to PCI
The Introduction to PCI course gives employees in various departments the requisite knowledge of PCI and of their responsibilities to protect cardholder data. This training covers how cardholder data must be protected from the point of acquisition, during processing, and while it is at rest.
Applicable departments include, but are not limited to:
- Call Center Management and Operations (where data may be acquired over the phone, or recalled from the systems in which it is stored).
- IT Engineering (where support personnel may have access to network infrastructure or resources that touch or transport cardholder data).
- Database Engineering (where engineers may have access to cardholder data at rest).
- Application Support (where technicians or engineers may have direct access to data entering and leaving cardholder applications).
PCI Scope Reduction 101
As the manager in charge of the PCI compliance effort, your life gets easier as your scope gets smaller. Our scope reduction course is designed for IT managers and engineers, ISOs, and other employees who need to understand how to reduce the scope of their PCI audit by identifying the correct perimeter demarcations for the cardholder data environment and correctly evidencing them at the time of audit.
OWASP Web Application Security Developer Training
Vulnerabilities in web applications are one of the most common threats to the integrity and security of your customer data. Training your development team to recognize and avoid the most common application-level security vulnerabilities greatly reduces the odds that your organization suffers a breach through the most frequently exploited issues. Our training covers vulnerability types such as command injection, cross-site scripting (XSS), insecure direct object references (IDOR), and insecure storage. We provide real examples in a hands-on environment where developers can:
- See the vulnerability
- Read the code that caused the vulnerability.
- Exploit the vulnerability.
- Apply a patch that remediates the vulnerability.
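As an added illustration of that four-step flow, written for this page rather than taken from the training course itself, the Python below is a miniature command-injection lab: a constructed "ping this host" helper in its vulnerable form, the exploit that proves an injected command runs, and the patched form that validates input against an allow-list and never hands it to a shell. The ping wrapper, the hostnames and the INJECTED marker are all constructed for the demo; the separator trick relies on a POSIX sh.

```python
import re
import subprocess

# Constructed inputs for the lab (not taken from the original page).
BENIGN_HOST = "127.0.0.1"
MALICIOUS_HOST = "127.0.0.1; echo INJECTED"  # ';' ends the ping command, then runs echo


def ping_vulnerable(host: str) -> str:
    """Steps 1 and 2: the 'before' code. User input is spliced into a shell
    command string and run with shell=True, so the shell parses the
    attacker's ';' and executes whatever follows it."""
    cmd = f"ping -c 1 -W 1 {host}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout + proc.stderr


# Allow-list for hostnames and IPv4 literals: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def is_valid_hostname(host: str) -> bool:
    """Reject anything outside the allow-list, including every shell metacharacter."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_ping_argv(host: str) -> list:
    """Step 4: the fix. Validate first, then build an argv list. Passing a list
    (no shell=True) means no shell ever interprets the input; the host reaches
    ping as a single argument, metacharacters included."""
    if not is_valid_hostname(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return ["ping", "-c", "1", "-W", "1", host]


def ping_fixed(host: str) -> str:
    proc = subprocess.run(build_ping_argv(host), capture_output=True, text=True)
    return proc.stdout + proc.stderr


def exploit_succeeds(ping_fn, payload: str = MALICIOUS_HOST) -> bool:
    """Step 3: run the exploit against either version and report whether the
    injected 'echo INJECTED' actually executed."""
    try:
        return "INJECTED" in ping_fn(payload)
    except ValueError:
        return False


if __name__ == "__main__":
    print("vulnerable version exploitable:", exploit_succeeds(ping_vulnerable))  # True
    print("fixed version exploitable:     ", exploit_succeeds(ping_fixed))       # False
```

The vulnerable path succeeds even when `ping` is missing or fails, because `;` makes the shell run `echo` regardless; that is exactly why input validation plus an argv list (rather than quoting or escaping) is the fix the lab teaches.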
Section Training
Certain parts of PCI DSS are more challenging, or more important to the nature of your business, than others. Section Training lets you focus only on the parts of PCI DSS that you consider paramount to your organization, customizing the training for your employees in the areas you care about. Topics can cover an entire control objective, such as "Build and Maintain a Secure Network" (Requirements 1 and 2 of PCI DSS), or can be added to training a la carte, for example a "firewalls and logging" package (Requirements 1 and 10).
eLearning for Remote Offices
All of our PCI compliance training courses are available with an optional eLearning component, which lets you educate teams that are split geographically (physical security personnel in two different facilities, or developers in other countries).