Certified Payment Security Practitioner (CPSP v2.0) Training

The PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of operational and technical requirements designed to protect payment data. PCI DSS v4.0 is the next evolution of the standard. PCI DSS v4.0 replaces version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats. This version associates the protection of payment data with new controls to address sophisticated cyber attacks.

In the past few years, we have seen massive breaches at organizations such as Target and Equifax. In many cases, these organizations were compliant with PCI DSS. Yet, breaches happened, and, in most cases, the breach was notified to the impacted company by an outside agency. Investments in complying with these standards are in addition to technology investments made by companies in anti-viruses, firewalls, security incident and event management systems, etc. The traditional checkbox approach to cybersecurity no longer works. It is important that organizations realize that the cybersecurity journey goes far beyond just compliance with any given standard. Organizations should also recognize that even after significant investments, breaches can still occur.

The CPSP v2.0 training will cover the entire payment ecosystem and the latest PCI DSS v4.0 standard, which will help participants understand the intent and objective of each PCI DSS v4.0 requirement. The CPSP v2.0 training will also provide participants with a platform where they can understand a PCI QSA’s (Payment Card Industry Qualified Security Assessor) perspective on validating a PCI DSS v4.0 requirement.

Training Details:


Americas, Europe & Canada

  • Date: 29th January – 1st February 2024
  • Timing: 2.00 PM to 6.00 PM (GMT)
  • Duration: 4 hours every day for 4 days
  • Mode: Online through Microsoft Teams
  • Region: Americas, Europe & Canada
  • Fees:
    • USD $ 150 (ISACA/ISC2 members)
    • USD $ 200 (Regular Participant)


Asia and Middle East

  • Date: 22nd – 25th January 2024
  • Timing: 6.00 AM to 10.00 AM (GMT)
  • Duration: 4 hours every day for 4 days
  • Mode: Online through Microsoft Teams
  • Region: Asia & Middle East
  • Fees:
    • USD $ 150 (ISACA/ISC2 members)
    • USD $ 200 (Regular Participant)

Objective of the program:
  • Building a framework for securing payment card data
  • Guidance to professionals for protecting customer data
  • Ensuring security and not just compliance
  • Going beyond the traditional checklist-based approach for security
  • Taking a risk-based approach to implement security controls
  • Winning the end customer’s trust

Table of Contents:
PART 1:
  • Basics of Payment Ecosystem: Card Data (Track data, EMV Chip), Entities involved
  • Payment Transaction flow: Issuing and Acquiring (Card Present and Card Not Present Transactions)
  • Stages of Payment Processing: Authentication, Authorization, Clearing, Settlement, Chargeback, Refund etc.
  • Various Payment Channels: ATM, POS, Ecom, Mobile App, MOTO, NFC or Contactless
  • PCI Perspective on architecture: Good and Bad: Inhouse Arch., Third party Cloud Architecture, Virtualization
  • What is PCI DSS v4.0?
  • Who is PCI SSC?
  • Responsibilities of various entities: PCI SSC, PCI QSAs, PCI ASVs etc.
  • PCI DSS v4.0 Compliance Mandate and Applicability of PCI DSS v4.0
  • Levels of Service Provider and Merchants
  • Various SAQs and Applicability
  • Approach for PCI DSS v4.0 Implementation and Certification: “The Phased Approach”
  • PCI DSS v4.0 and Card Data Storage Mandate: A Glimpse
PART 2:
  • Overview PCI DSS v4.0: 6 objectives and 12 Requirements
  • Overview of PA – DSS, PCI SSF
  • Overview of PCI PTS
  • Overview of PCI P2PE
  • Integration Model for Various PCI Standards
  • PCI DSS v4.0 Scoping and Network Segmentation
  • Scoping vs Sampling: What is what?
  • PCI DSS Risk Assessment Methodology and Approach
  • PCI DSS v4.0 and ISO 27001: A Comparison
  • PCI DSS v3.2.1 vs v4.0
  • PCI DSS v4.0 timelines
PART 3:
  • Implementing PCI DSS v4.0 Requirements: Detailed discussion on each requirement and sub requirement of PCI DSS v4.0
  • QSA Perspective for each PCI DSS requirement and Best Practices
  • PCI DSS v4.0 Using Open-Source tools: Suggestion on available tools to meet PCI DSS v4.0 requirements
  • Appendix A1 and A2
  • Designated entities supplemental validation (DESV)
  • Overview and implementation practices of Compensating Controls
  • Customized Approach
PART 4:
  • Annual PCI DSS v4.0 Compliance Management: The PCI DSS v4.0 Calendar
  • An Approach to Handling a Suspected Card Data Breach
  • PCI DSS v4.0 Resources and Knowledge Library
  • What to look for in a PCI QSA?


Terms & Conditions:
  • Fees, speakers and date are subject to change.
  • Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Cancellations must be received in writing at least one week prior to course commencement. No-shows would be fully charged.
  • Registered attendees who are unable to attend the above course can send replacements subject to one week’s notification. * Membership fee applies.