Requirements 3 to 6 of PCI DSS version 3.2.1 are to protect cardholder data and maintain a vulnerability management program. You'll understand what each requirement asks for and discover practical guidance from experienced PCI assessors.
The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Securing Data, Systems, and Applications, you’ll learn how to interpret PCI DSS requirements 3 through 6 and apply them to your organization. First, you’ll learn how PCI DSS wants stored cardholder data to be protected. Next, you’ll explore the requirement to encrypt cardholder data in transit and the requirement to protect systems against malware. Then, you’ll take a look at the largest requirement in PCI DSS which is to develop and maintain secure systems and applications. Finally, you’ll discover practical insights about all four requirements from experienced PCI assessors.
When you’ve finished with this course, you'll have the skills and knowledge to apply PCI DSS requirements 3 through 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.
Course Overview

Hello. My name is John Elliott. Welcome to the course, PCI DSS: Securing Data, Systems, and Applications. In this course, I bring together the theoretical knowledge of PCI DSS requirements 5 and 6, along with the practical experience of how the standard really works.

And I'm Jacob Ansari. I'm a Qualified Security Assessor or QSA with Schellman and Company, and I'm qualified to assess many of the PCI standards including PCI DSS, PA DSS, and PDPD. I've been an assessor for 14 years and have been doing this since the predecessor standards to PCI DSS.

In this course we will firstly look at the DSS requirement to have antivirus or antimalware software installed on any system that can affect the security of cardholder data. And then we're going to talk about three of the most important security needs: vulnerability management, change control, and application security. This is the area where organizations most often fail and therefore how criminals break into steal cardholder data. For each PCI DSS requirement, I'm going to cover what the standard says, what it means, and what will be assessed by a QSA. Then Jacob and I will discuss some of the key practical aspects of getting compliant and being assessed. Ideally, you'll already understand the basics of payment card processing and PCI DSS, but if you just want to get to grips with the requirement, you'll be able to jump straight in with no problems. By the end of this course, you'll have a great understanding of both the theory and the practice to help you implement the PCI DSS requirements that apply to securing logical assets. We do hope you will join us to learn the theory and practice behind PCI DSS requirements 5 and 6 with the Securing Data, Systems, and Applications course here at Pluralsight.