Certified Payment Security Practitioner – Internationally Recognized Certification Training for PCI DSS Implementation.

In the past few years, we have seen massive breaches at organizations such as Target and Equifax. In many cases, these organizations were compliant to PCI DSS. Yet, breaches happened, and, in most cases, the breach was notified to the impacted company by an outside agency. Investments in complying to these standards are in addition to technology investments made by companies in anti-viruses, firewalls, security incident and event management systems, etc. The traditional checkbox approach to cybersecurity no longer works. It is important that organizations realize that the cybersecurity journey goes far beyond just compliance to any given standard. Organizations should also recognize that even after significant investments breaches can still occur. The training will cover the entire payment ecosystem and the latest PCI DSS standard which will help participants in understanding the intent and objective of each PCI DSS requirement. The training will also provide participants with a platform where they can understand a PCI QSA’s (Payment Card Industry Qualified Security Assessor) perspective of validating a PCI DSS requirement. The training will provide participants a hands-on experience of implementing PCI DSS compliance program through case-studies and examples.

Training Details:
Date: 26th & 27th September 2019
Fees: LKR 47,700/- (for ISACA members)
          LKR 53,000/- (for non-ISACA members)
Venue: SriLanka

Register your interest

Objective of the program:
  • Building a framework for securing payment card data
  • Ensuring security and not just compliance Taking a risk-based approach to implement security controls
  • Winning end customer trust
  • Going beyond the traditional checklist-based approach for security



Who should attend?
  • Chief Information Security Officers Compliance Officers
  • Information Technology Managers Developers
  • Information Systems and Security Implementers
  • Other security professionals
Table of Content:
Session 1:
  • Basics of Payment Ecosystem: Card Data
  • Payment Transaction flow: Issuing and Acquiring
  • Stages of Payment Processing: Authentication, Authorization, Clearing, Settlement, Chargeback, Refund etc.
  • Various Payment Channels: ATM, POS, Ecom, Mobile App, MOTO, NFC or Contactless
Session 2:
  • What is PCI DSS
  • Who is PCI SSC
  • Responsibilities of various entities: PCI SSC, PCI QSAs, PCI ASVs etc.
  • PCI DSS Compliance Mandate and Applicability of PCI DSS
  • Levels of Service Provider and Merchants
Session 3:
  • Various SAQs and Applicability
  • Approach for PCI DSS Implementation and Certification: “The Phased Approach”
  • PCI DSS and Card Data Storage Mandate: A Glimpse
Session 4:
  • Overview PCI DSS v3.2.1: 6 objectives and 12 Requirements
  • Overview of PA- DSS
  • Overview of PCI PTS
  • Overview of PCI P2PE
  • Integration Model for Various PCI standards
Session 5:
  • PCI DSS Scoping and Network Segmentation
  • PCI Perspective on architecture: Good and Bad: Inhouse Arch., Third party Cloud Architecture, Virtualization
  • Scoping vs Sampling: What is what?
  • PCI DSS Risk Assessment Methodology and Approach
  • PCI DSS and ISO 27001: A Comparison
Session 6:
  • Implementing PCI DSS Requirements: Detailed discussion on each requirement and sub requirement of PCI DSS v3.2.1
  • QSA Perspective for each PCI DSS requirement and Best Practices
  • PCI DSS Using Open Source tools: Suggestion on available tools to meet PCI DSS
Session 7:
  • Appendix A1 and A2
  • Designated entities supplemental validation
  • Compensating Controls
Session 8:
  • Annual PCI DSS Compliance Management: The PCI DSS Calendar
  • An Approach to Handle suspected card data breach
  • PCI DSS Resources and Knowledge Library
  • What to look for in a PCI QSAC
Sample Certificate:


Terms & Conditions:
  • Fees, speakers and date are subject to change.
  • Training Fee is inclusive of Training Kit, Refreshments and Training certificate.
  • Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Cancellations must be received in writing at least one week prior to course commencement. No-shows would be fully charged.
  • Registered attendees who are unable to attend the above course can send replacements subject to one week’s notification. * Membership fee applies.
Privacy Notice:

We are committed to respecting your privacy and we recognize the importance of protecting the information collected about you. All of the personal information that you have submitted during the registration shall only be processed in relation to your attendance to this event (i.e., processing of payments, issuance of certificate, sending of any announcements, future events and activities). Photos and videos will be taken during the event and ISACA will use it for documentary, evidentiary and marketing purpose.The photos and videos may be posted on ISACA Sri Lanka’s website and social media sites All the information that you have provided in relation to this event shall be protected with reasonable and appropriate measures, and shall only be retained as long as necessary in its processing.