PCIP (PCI Professional)

Authors: John Elliott, Jacob Ansari

The Payment Card Industry Professional qualification is an entry-level qualification in payment security information and provides you with the tools to help your organization...

What you will learn

This course outlines the PCI Standards and provides you with the tools to build a secure payments environment and help your organization achieve PCI compliance. Course highlights include:

  • Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
  • Understanding of PCI DSS requirements and intent
  • Overview of basic payment industry terminology
  • Understanding the transaction flow
  • Implementing a risk-based prioritized approach
  • Appropriate uses of compensating controls
  • Working with third parties and service providers
  • How and when to use Self-Assessment Questionnaires (SAQs)
  • Recognizing how new technologies (e.g. virtualization, tokenization, mobile, cloud) affect the PCI Standards

Prerequisites

No prerequisite experience or knowledge is necessary.

PCI Professional (PCIP)™ qualification preparation courses

The 7 courses in this section of the path can help you to prepare for the PCI Professional qualification.

Payment Card Security, Processing, and the PCI Standards

by John Elliott

Jan 5, 2017 / 1h 50m

Description

There is a reason that criminals steal payment card data: they can turn the stolen data into money. In this course, Payment Card Security, Processing, and the PCI Standards, you'll discover how a payment card transaction gets from the store to your statement and, in the process, learn about the electronic messages that move between the banks and payment card schemes. First, you'll find out how criminals turn the data into money and how the payment card industry stops them with the security standards that everyone and everything in the process has to follow. Next, you'll learn which PCI authorized assessors are required for an organization to validate compliance with the various PCI Security Standards. Finally, you'll explore the foundation qualification, the PCI Professional, that you may want to consider. At the end of this course, you'll understand how the payment system works and the PCI Security Standards' role in protecting this data.

Table of contents
  1. Course Overview
  2. Discovering How Card Payments Work
  3. Working Out Which PCI Standards Apply
  4. PCI Compliance, Qualified Professionals, and Programs
  5. Becoming a PCI Professional

PCI DSS: The Big Picture

by John Elliott

May 10, 2017 / 1h 22m

Description

In an organization that touches payment cards, the information security agenda includes compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). In this course, PCI DSS: The Big Picture, you'll learn the basic requirements of PCI DSS, the language it uses, and how the standard is structured. More importantly, you'll learn how the standard is used in compliance programs and how you'll be expected to validate your compliance. You'll also learn what to do when you can't comply with the standard and discover ten of the most common PCI DSS myths that can lead to expensive mistakes. When you've finished this course, you'll know enough PCI DSS to work in environments where PCI DSS compliance is a requirement.

Table of contents
  1. Course Overview
  2. Introduction
  3. Inside the Standard
  4. What Is PCI DSS Compliance?
  5. Ten PCI DSS Common Myths

PCI DSS: Infrastructure Security

by John Elliott

Oct 21, 2019 / 1h 49m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Infrastructure Security, you’ll learn how to interpret PCI DSS requirements 1 and 2 and apply them to your organization. First, you’ll learn how PCI DSS wants a firewall configuration to be built and maintained to protect cardholder data. Next, you’ll explore the requirement not to use vendor-supplied defaults for system passwords and other security parameters. Finally, you’ll discover practical insights about both requirements from experienced PCI assessors. When you’ve finished with this course, you will have the skills and knowledge to apply PCI DSS requirements 1 and 2 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 1: Install and Maintain a Firewall Configuration
  3. Requirement 1 Continued: Install and Maintain a Personal Firewall
  4. Requirement 2: Do not Use Vendor-supplied Defaults

PCI DSS: Securing Data, Systems, and Applications

by John Elliott

Oct 24, 2019 / 3h 16m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Securing Data, Systems, and Applications, you’ll learn how to interpret PCI DSS requirements 3 through 6 and apply them to your organization. First, you’ll learn how PCI DSS wants stored cardholder data to be protected. Next, you’ll explore the requirement to encrypt cardholder data in transit and the requirement to protect systems against malware. Then, you’ll take a look at the largest requirement in PCI DSS, which is to develop and maintain secure systems and applications. Finally, you’ll discover practical insights about all four requirements from experienced PCI assessors. When you’ve finished with this course, you'll have the skills and knowledge to apply PCI DSS requirements 3 through 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 3: Storage of Cardholder Data
  3. Requirement 4: Encryption of Transmitted Cardholder Data
  4. Requirement 5: Anti-virus and Anti-malware
  5. Requirement 6: Vulnerability Management
  6. Requirement 6 Continued: Change Control in the CDE
  7. Requirement 6 Continued: Security in Software Development

PCI DSS: Restricting Access to Cardholder Data

by John Elliott

Dec 16, 2019 / 2h 8m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Restricting Access to Cardholder Data, you’ll learn how to interpret PCI DSS requirements 7, 8, and 9 and apply them to your organization. First, you’ll learn how PCI DSS wants access to be role-based and granted on the basis of least privilege and need to know. Next, you’ll explore the long and prescriptive requirements about usernames, passwords, and multi-factor authentication. Then you’ll take a look at the requirements related to the protection of cardholder data in physical format – written on paper and saved to electronic media. Finally, you’ll discover practical insights about all three requirements from experienced PCI assessors. When you’ve finished with this course, you will have the skills and knowledge to apply PCI DSS requirements 7, 8, and 9 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 7: Restrict Access to Cardholder Data
  3. Requirement 8: Assign a Unique ID to Each Person with Computer Access
  4. Requirement 9: Restrict Physical Access to Cardholder Data
  5. Requirement 9.9: Security for Point of Sale Devices

PCI DSS: Detection, Assurance, and Management

by John Elliott

Feb 6, 2020 / 3h 34m

Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they'll be assessed. In this course, PCI DSS: Detection, Assurance, and Management, you’ll learn how to interpret PCI DSS requirements 10, 11, and 12 and apply them to your network. First, you’ll learn how PCI DSS wants access to network resources and cardholder data to be tracked and monitored. Next, you’ll explore the requirement to regularly test security systems and processes. You’ll also see the final requirement in PCI DSS, which is to maintain a policy that addresses information security for all personnel. Finally, you’ll discover practical insights about all three requirements from experienced PCI assessors. When you’ve finished with this course, you'll have the skills and knowledge to apply PCI DSS requirements 3, 4, 5, & 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.

Table of contents
  1. Course Overview
  2. Requirement 10: Track and Monitor Access to Resources and Data
  3. Requirement 11: Regularly Test Security Systems and Processes
  4. Requirement 11.3: Penetration Testing
  5. Requirement 12: Maintain a Policy that Addresses Information Security
  6. Requirement 12 Continued: Third-party Service Providers
  7. Requirement 12 Continued: Incident Management

PCI DSS: Achieving and Maintaining Compliance

by Jacob Ansari

May 22, 2020 / 4h 1m

Description

It's time to bring together the theoretical knowledge of becoming PCI DSS compliant and the practical knowledge of how the standard really works! In this course, PCI DSS: Achieving and Maintaining Compliance, you’ll gain the ability to take an organization on a PCI DSS compliance journey and understand the challenges in maintaining PCI DSS compliance. First, you’ll learn who may ask you to comply with PCI DSS and the different ways that you can demonstrate your compliance. Next, you’ll explore how to determine which people, processes, and technology the PCI DSS requirements apply to, and the ways to minimize these. Then, you'll discover what a Qualified Security Assessor (QSA) will do when they assess your compliance with the standard, and what you can do when your organization cannot comply with certain requirements. Finally, you’ll learn how to prevent control decay, scheduled tasks, and change from destroying your hard-won PCI DSS compliance. When you’ve finished with this course, you'll have the skills and knowledge to pilot an organization through a successful PCI DSS compliance journey and then maintain PCI DSS compliance year after year.

Table of contents
  1. Course Overview
  2. Introduction and Recap
  3. What Does Compliance Mean?
  4. The Journey to Compliance
  5. Scoping, Segmentation, and Scope Reduction
  6. Using and Assessing the Standard
  7. The Assessment Process
  8. Maintaining Compliance