PCI DSS: Infrastructure Security
The first two requirements of PCI DSS version 3.2.1 are to build and maintain secure networks and systems. You'll learn what each requirement asks for and discover practical guidance from experienced PCI assessors.
What you'll learn
The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Infrastructure Security, you’ll learn how to interpret PCI DSS requirements 1 and 2 and apply them to your organization. First, you’ll learn how PCI DSS wants a firewall configuration to be built and maintained to protect cardholder data. Next, you’ll explore the requirement to not use vendor-supplied defaults for system passwords and other security parameters. Finally, you’ll discover practical insights about both requirements from experienced PCI assessors. When you’ve finished with this course, you will have the skills and knowledge to apply PCI DSS requirements 1 and 2 to any organization’s environment and to determine whether it is compliant with the demands of the standard.
Table of contents
- Navigating the PCI DSS Standards 6m
- 1.1 Have and Implement Configuration and Management Standards 12m
- 1.2 Build and Configure Firewalls Properly 4m
- 1.3 Make All Traffic Go through a Firewall 10m
- How Assessor Starts an Assessment of Firewalls and Network Devices 4m
- Documenting the Business Justification for Firewall Rules 1m
- Six Monthly Firewall Reviews 5m
- Barriers to Achieving Compliance in Requirement 1 2m
- Maintain the Network Diagram 3m
- Using Firewall Management Tools 2m
- Typical Areas of Non-compliance and Data Compromises 2m
- Virtual Firewalls and Firewalls in the Cloud 3m
- What About Routers? 2m
- 1.4 Personal Firewalls 2m
- 1.5 Policies and Procedures 3m
- Key Tips About the Personal Firewall Requirement 4m
- Personal Firewalls and Corporate VPNs 3m
- Where Requirement 1.4 Goes Wrong 2m
- Policies and Procedures – Why They Are Actually Important 5m
- Policies, Data Breaches, and How to Manage Policies 2m
- 2.1 Remove or Disable Default Passwords and Accounts 3m
- 2.2 Develop Secure Configuration Standards 7m
- 2.3 Encrypt Non-console Administration Access 2m
- 2.4 Maintain an Inventory 2m
- 2.5 Policies and Procedures 2m
- Default Credentials 2m
- System Hardening 6m
- Assessing Compliance and Hidden Resources 3m
- Encrypting Administration Access Over a Network 4m