Payment Card Industry Data Security Standard (PCI DSS)

Authors: John Elliott, Jacob Ansari, Aaron Willis, Troy Hunt

This series provides the essential knowledge needed to be able to implement the Payment Card Industry Data Security Standard (PCI DSS) and secure payment card data in your...

What you will learn:

  • The process that occurs for each payment card transaction
  • The purpose of the PCI DSS and how it is used in card scheme compliance programs
  • The intention of each of the 12 PCI DSS requirements and how these requirements will be assessed by a Qualified Security Assessor (QSA)
  • The considerations to be taken when pursuing compliance and how to maintain compliance
  • Common attacks against payment card data and how to defend against these attacks

Pre-requisites

No prerequisite experience or knowledge is necessary.

Beginner

Begin with a primer on the mechanics of secure payment card processing and an overview of the PCI DSS.

Payment Card Security, Processing, and the PCI Standards

by John Elliott

Jan 5, 2017 / 1h 50m

Description

There is a reason that criminals steal payment card data. It is because they can turn the stolen data into money. In this course, Payment Card Security, Processing, and the PCI Standards, you'll discover how a payment card transaction gets from the store to your statement and in the process learn about the electronic messages that move between the banks and payment card schemes. First, you'll find out how criminals turn the data into money and how the payment card industry stops them with the security standards that everyone and everything in the process has to follow. Next, you'll learn about which PCI authorized assessors are required for an organization to validate compliance with the various PCI Security Standards. Finally, you'll explore the foundation qualification, the PCI Professional, that you may want to consider. At the end of this course, you'll understand how the payment system works and the PCI Security Standards role in protecting this data.

Table of contents
  1. Course Overview
  2. Discovering How Card Payments Work
  3. Working Out Which PCI Standards Apply
  4. PCI Compliance, Qualified Professionals, and Programs
  5. Becoming a PCI Professional

PCI DSS: The Big Picture

by John Elliott

May 10, 2017 / 1h 22m

Description

In an organization that touches payment cards, the information security agenda includes compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). In this course, PCI DSS - The Big Picture, you'll learn the basic requirements of PCI DSS, the language it uses, and how the standard is structured. More importantly, you'll learn how the standard is used in compliance programs and how you'll be expected to validate your compliance. You'll also learn what to do when you can't comply with the standard and discover ten of the most common PCI DSS myths that can lead to expensive mistakes. When you've finished this course, you'll know enough PCI DSS to work in environments where PCI DSS compliance is a requirement.

Table of contents
  1. Course Overview
  2. Introduction
  3. Inside the Standard
  4. What Is PCI DSS Compliance?
  5. Ten PCI DSS Common Myths

Intermediate

Next, take a deep dive into all 12 requirements of the standard and the process of achieving and maintaining PCI DSS compliance.

PCI DSS: Infrastructure Security

by John Elliott

Oct 21, 2019 / 1h 49m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Infrastructure Security, you’ll learn how to interpret PCI DSS requirements 1 and 2, and apply them to your organization. First, you’ll learn how PCI DSS wants a firewall configuration to be built and maintained to protect cardholder data. Next, you’ll explore the requirement to not use vendor-supplied defaults for systems passwords and other security parameters. Finally, you’ll discover practical insights about both requirements from experienced PCI assessors. When you’ve finished with this course you will have the skills and knowledge to apply PCI DSS requirements 1 and 2 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 1: Install and Maintain a Firewall Configuration
  3. Requirement 1 Continued: Install and Maintain a Personal Firewall
  4. Requirement 2: Do not Use Vendor-supplied Defaults

PCI DSS: Securing Data, Systems, and Applications

by John Elliott

Oct 24, 2019 / 3h 16m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Securing Data, Systems, and Applications, you’ll learn how to interpret PCI DSS requirements 3 through 6 and apply them to your organization. First, you’ll learn how PCI DSS wants stored cardholder data to be protected. Next, you’ll explore the requirement to encrypt cardholder data in transit and the requirement to protect systems against malware. Then, you’ll take a look at the largest requirement in PCI DSS which is to develop and maintain secure systems and applications. Finally, you’ll discover practical insights about all four requirements from experienced PCI assessors. When you’ve finished with this course, you'll have the skills and knowledge to apply PCI DSS requirements 3 through 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 3: Storage of Cardholder Data
  3. Requirement 4: Encryption of Transmitted Cardholder Data
  4. Requirement 5: Anti-virus and Anti-malware
  5. Requirement 6: Vulnerability Management
  6. Requirement 6 Continued: Change Control in the CDE
  7. Requirement 6 Continued: Security in Software Development

PCI DSS: Restricting Access to Cardholder Data

by John Elliott

Dec 16, 2019 / 2h 8m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Restricting Access to Cardholder Data, you’ll learn how to interpret PCI DSS requirements 7, 8 & 9, and apply them to your organization. First, you’ll learn how PCI DSS wants access to be role-based and built on least privilege and need to know. Next, you’ll explore the long and prescriptive requirements about usernames, passwords and multi-factor authentication. Then you’ll take a look at the requirements related to the protection of cardholder data in physical format, whether written on paper or saved to electronic media. Finally, you’ll discover practical insights about all three requirements from experienced PCI assessors. When you’ve finished with this course you will have the skills and knowledge to apply PCI DSS requirements 7, 8 and 9 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 7: Restrict Access to Cardholder Data
  3. Requirement 8: Assign a Unique ID to Each Person with Computer Access
  4. Requirement 9: Restrict Physical Access to Cardholder Data
  5. Requirement 9.9: Security for Point of Sale Devices

PCI DSS: Detection, Assurance, and Management

by John Elliott

Feb 6, 2020 / 3h 34m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they'll be assessed. In this course, PCI DSS: Detection, Assurance, and Management, you’ll learn how to interpret PCI DSS requirements 10, 11, & 12, and apply them to your network. First, you’ll learn how PCI DSS wants access to network resources and cardholder data to be tracked and monitored. Next, you’ll explore the requirement to regularly test security systems and processes. You’ll also see the final requirement in PCI DSS which is to maintain a policy that addresses information security for all personnel. Finally, you’ll discover practical insights about all three requirements from experienced PCI assessors. When you’ve finished with this course you'll have the skills and knowledge to apply PCI DSS requirements 3, 4, 5, & 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 10: Track and Monitor Access to Resources and Data
  3. Requirement 11: Regularly Test Security Systems and Processes
  4. Requirement 11.3: Penetration Testing
  5. Requirement 12: Maintain a Policy that Addresses Information Security
  6. Requirement 12 Continued: Third-party Service Providers
  7. Requirement 12 Continued: Incident Management

PCI DSS: Achieving and Maintaining Compliance

by Jacob Ansari

May 22, 2020 / 4h 1m

Description

It's time to bring together the theoretical knowledge of becoming PCI DSS compliant and the practical knowledge of how the standard really works! In this course, PCI DSS: Achieving and Maintaining Compliance, you’ll gain the ability to take an organization on a PCI DSS compliance journey and understand the challenges in maintaining PCI DSS compliance. First, you’ll learn about who may ask you to comply with PCI DSS and the different ways that you can demonstrate your compliance. Next, you’ll explore how to determine which people, processes and technology the PCI DSS requirements will apply to, and the ways to minimize these. Then, you'll discover what a Qualified Security Assessor (QSA) will do when they assess your compliance with the standard, and what you can do when your organization cannot comply with certain requirements. Finally, you’ll learn how to prevent control decay, scheduled tasks, and change from destroying your hard-won PCI DSS compliance. When you’ve finished with this course you'll have the skills and knowledge to pilot an organization through a successful PCI DSS compliance journey, and then maintain PCI DSS compliance year after year.

Table of contents
  1. Course Overview
  2. Introduction and Recap
  3. What Does Compliance Mean?
  4. The Journey to Compliance
  5. Scoping, Segmentation, and Scope Reduction
  6. Using and Assessing the Standard
  7. The Assessment Process
  8. Maintaining Compliance

Advanced

Finally, explore the different attack types that are conducted for the purpose of stealing payment card data, how best to defend against these specific attacks, and what to do if your organization suspects a data breach.

PCI DSS: The State of Cardholder Data Attacks

by Aaron Willis

Jan 16, 2019 / 1h 25m

Description

In this course, PCI DSS: The State of Cardholder Data Attacks, John Elliott and Aaron Willis dive into data breaches and the development of the PCI DSS. Learn all about the criminals’ ways of working from an experienced PFI, discover the control failures that typically give criminals the opportunity to mount a successful attack, and discover what actually happens in the course of a PCI forensic investigation. By the end of this course, you’ll have a solid understanding of how these criminals operate and an inside glimpse of a PCI forensic investigation.

Table of contents
  1. Course Overview
  2. Understanding the Forensic Collection Process
  3. Understanding the Threat Landscape - Point of Sale (POS) Attacks
  4. Understanding the Threat Landscape - eCommerce Attacks
  5. Understanding the Threat Landscape - Infrastructure Attacks

Defending Against JavaScript Keylogger Attacks on Payment Card Information

by Troy Hunt

Jul 26, 2018 / 1h 2m

Description

In this course, Defending Against JavaScript Keylogger Attacks on Payment Card Information, John Elliott and Troy Hunt discuss the most common attack used to steal payment card data and how to defend against it. Learn how security people think about a problem, why criminals attack, how their tools and techniques work, and how you have to adapt as defenders. By the end of this course, you’ll have a better understanding of the NIST model, how thinking about detection is equally important, and response/recovery.

Table of contents
  1. Course Overview
  2. The Evolution of the Crime
  3. PROTECT: Employing JavaScript Security Techniques
  4. PROTECT: Preventing Webserver Compromise
  5. DETECT: Detecting Compromised JavaScript
  6. Response and Recovery