CPSP (Certified Payment Security Practitioner) – Internationally Recognized Certification Training for PCI DSS Implementation.

With the COVID-19 pandemic and a remote work culture in place, it is getting difficult for organizations to manage PCI compliance. According to APWG 2019 research, 45% of statistics show phishing attempts, and 40% of small businesses were hit by a breach that cost them more than 50K USD to recover. In many cases, these organizations were compliant with PCI DSS. Yet breaches happened and, in most cases, the impacted company was notified of the breach by an outside agency. Investments in complying with these standards are in addition to the technology investments companies make in antivirus, firewalls, security incident and event management systems, etc. The traditional checkbox approach to cybersecurity no longer works. It is important that organizations realize that the cybersecurity journey goes far beyond compliance with any given standard. Organizations should also recognize that even after significant investments, breaches can still occur.

At Network Intelligence we are conducting our flagship PCI certification workshop, Certified Payment Security Practitioner (CPSP). The training will cover the entire payment ecosystem and the latest PCI DSS standard, helping participants understand the intent and objective of each PCI DSS requirement. The training will also give participants a platform where they can understand a PCI QSA’s (Payment Card Industry Qualified Security Assessor) perspective on validating a PCI DSS requirement.

Since most companies have moved or are shifting to a remote working model, the training shall also include a session on how to manage PCI compliance while in a WFH model. It shall give participants hands-on experience of implementing a PCI DSS compliance program through case studies and examples.

Training Details:


Asia and Middle East

  • Date: 9th, 10th & 11th June
  • Timing: 2.00 PM to 6.00 PM (GMT +8)
  • Region: Asia & Middle East
  • Fees:
    • $ 100 (for ISACA members)
    • $ 120 (for non-ISACA members)


Americas & Europe

  • Date: 15th, 16th & 17th June
  • Timings: 2.00 PM to 6.00 PM (GMT +1)
  • Region: Americas & Europe
  • Fees:
    • $ 100 (for ISACA members)
    • $ 120 (for non-ISACA members)

Objective of the program:
  • Building a framework for securing payment card data
  • Ensuring security, not just compliance, by taking a risk-based approach to implementing security controls
  • Winning end customer trust
  • Going beyond the traditional checklist-based approach for security
  • Complying with all the security controls in the remote assessment model

Who should attend?
  • Chief Information Security/Compliance Officers
  • Information Technology Managers
  • Payment Application Developers
  • Information Systems and Security Implementers
  • Other security professionals
Table of Contents:
Session 1:
  • Basics of Payment Ecosystem: Card Data
  • Payment Transaction flow: Issuing and Acquiring
  • Stages of Payment Processing: Authentication, Authorization, Clearing, Settlement, Chargeback, Refund etc.
  • Various Payment Channels: ATM, POS, Ecom, Mobile App, MOTO, NFC or Contactless
Session 2:
  • What is PCI DSS?
  • Who is PCI SSC?
  • Responsibilities of various entities: PCI SSC, PCI QSAs, PCI ASVs etc.
  • PCI DSS Compliance Mandate and applicability of PCI DSS
  • Levels of Service Provider and Merchants
Session 3:
  • Various SAQs and Applicability
  • Approach for PCI DSS Implementation and Certification: “The Phased Approach”
  • PCI DSS and Card Data Storage Mandate: A Glimpse
Session 4:
  • Overview PCI DSS v3.2.1: 6 objectives and 12 Requirements
  • Overview of PA-DSS
  • Overview of PCI PTS
  • Overview of PCI P2PE
  • Integration Model for Various PCI standards
Session 5:
  • PCI DSS Scoping and Network Segmentation
  • PCI Perspective on Architecture, Good and Bad: In-house Architecture, Third-party Cloud Architecture, Virtualization
  • Scoping vs Sampling: What is what?
  • PCI DSS Risk Assessment Methodology and Approach
  • PCI DSS and ISO 27001: A Comparison
Session 6:
  • Implementing PCI DSS Requirements: Detailed discussion on each requirement and sub requirement of PCI DSS v3.2.1
  • QSA Perspective for each PCI DSS requirement and Best Practices
  • PCI DSS Using Open Source Tools: Suggestions on available tools to meet PCI DSS
Session 7:
  • Appendix A1 and A2
  • Designated entities supplemental validation
  • Compensating Controls
Session 8:
  • Impact of COVID-19 on PCI DSS on-site QSA assessment
  • Remote Assessment: The way forward for PCI Compliance
  • Moving your payment infrastructure to a remote model
  • Network Intelligence: Remote Assessment methodology
Session 9:
  • Annual PCI DSS Compliance management: The PCI DSS Calendar
  • An approach to handle suspected card data breach
  • PCI DSS resources and knowledge library
  • What to look for in a PCI QSAC

Terms & Conditions:
  • Fees, speakers and date are subject to change.
  • Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Cancellations must be received in writing at least one week prior to course commencement. No-shows would be fully charged.
  • Registered attendees who are unable to attend the above course can send replacements subject to one week’s notification. * Membership fee applies.
Privacy Notice:

We are committed to respecting your privacy and we recognize the importance of protecting the information collected about you. All of the personal information that you have submitted during the registration shall only be processed in relation to your attendance to this event (i.e., processing of payments, issuance of certificate, sending of any announcements, future events and activities). All the information that you have provided in relation to this event shall be protected with reasonable and appropriate measures, and shall only be retained as long as necessary in its processing.