Fundamentals of PCI-DSS

Focused View

Vasco Patrício,Vasco Patrício Executive Coaching

11:21:24

56 View

01 - Introduction

001 01-Course-Intro.pdf

001 All-Slides-Fundamentals-of-PCI-DSS.pdf

001 Introduction.mp4

02:44

002 Useful Information.html

02 - PCI-DSS Essentials

001 02-PCI-DSS-Essentials-01-Intro.pdf

001 Module Intro.mp4

03:42

002 02-PCI-DSS-Essentials-02-Terminology-Clarifications.pdf

002 Terminology Clarifications.mp4

18:46

003 02-PCI-DSS-Essentials-03-PCI-DSS-History.pdf

003 PCI-DSS History.mp4

08:01

004 02-PCI-DSS-Essentials-04-Merchant-Assessment.pdf

004 Merchant Assessment.mp4

21:02

005 02-PCI-DSS-Essentials-05-Anatomy-of-a-Payment-Flow.pdf

005 Anatomy of a Payment Flow.mp4

12:38

006 02-PCI-DSS-Essentials-06-Outro.pdf

006 Module Outro.mp4

02:56

03 - The 12 Requirements (v3.2.1)

001 03-The-12-Requirements-01-Intro.pdf

001 Module Intro.mp4

06:44

002 03-The-12-Requirements-02-Overview.pdf

002 Overview.mp4

31:53

003 03-The-12-Requirements-03-Requirement-1-Keep-a-Firewall.pdf

003 Requirement 1 Keep a Firewall.mp4

12:13

004 03-The-12-Requirements-04-Requirement-2-No-Defaults.pdf

004 Requirement 2 No Defaults.mp4

14:50

005 03-The-12-Requirements-05-Requirement-3-Protect-Stored-Data.pdf

005 Requirement 3 Protect Stored Data.mp4

15:24

006 03-The-12-Requirements-06-Requirement-4-Protect-Transmitted-Data.pdf

006 Requirement 4 Protect Transmitted Data.mp4

07:52

007 03-The-12-Requirements-07-Requirement-5-Prevent-Malware.pdf

007 Requirement 5 Prevent Malware.mp4

09:08

008 03-The-12-Requirements-08-Requirement-6-Develop-Securely.pdf

008 Requirement 6 Develop Securely.mp4

15:29

009 03-The-12-Requirements-09-Requirement-7-Need-to-Know-Access.pdf

009 Requirement 7 Need-to-Know Access.mp4

07:43

010 03-The-12-Requirements-10-Requirement-8-Identify-Access.pdf

010 Requirement 8 Identify Access.mp4

15:43

011 03-The-12-Requirements-11-Requirement-9-Restrict-Physical-Access.pdf

011 Requirement 9 Restrict Physical Access.mp4

17:22

012 03-The-12-Requirements-12-Requirement-10-Monitor-Networks.pdf

012 Requirement 10 Monitor Networks.mp4

17:46

013 03-The-12-Requirements-13-Requirement-11-Test-Regularly.pdf

013 Requirement 11 Test Regularly.mp4

11:57

014 03-The-12-Requirements-14-Requirement-12-InfoSec-Policy.pdf

014 Requirement 12 InfoSec Policy.mp4

22:25

015 03-The-12-Requirements-15-General-Patterns-and-Recap.pdf

015 General Patterns and Recap.mp4

33:19

016 03-The-12-Requirements-16-Outro.pdf

016 Module Outro.mp4

05:00

04 - Outro

001 04-Course-Outro.pdf

001 All-Slides-Fundamentals-of-PCI-DSS.pdf

001 Course Outro.mp4

02:28

05 - Additional Module Security Controls

001 Intro.mp4

00:26

002 Acquisition Strategy.mp4

08:35

002 Security-Controls-Acquisition-Strategy.pdf

003 Code Analysis.mp4

07:12

003 Security-Controls-Code-Analysis.pdf

004 Code Signing.mp4

07:31

004 Security-Controls-Code-Signing.pdf

005 Controls by Data Classification.mp4

08:53

005 Security-Controls-Controls-By-Data-Classification.pdf

006 Criticality Analysis.mp4

07:36

006 Security-Controls-Criticality-Analysis.pdf

007 Cryptographic Protection.mp4

07:37

007 Security-Controls-Cryptographic-Protection.pdf

008 Cyber Threat Hunting.mp4

09:02

008 Security-Controls-Cyber-Threat-Hunting.pdf

009 Data De-Identification and Anonymisation.mp4

09:06

009 Security-Controls-Data-De-Identification-Anonymisation.pdf

010 Data Governance Structures.mp4

08:41

010 Security-Controls-Data-Governance-Structures.pdf

011 Data Purpose and Authority.mp4

09:32

011 Security-Controls-Data-Usage-Purpose-Authority.pdf

012 Data Retention and Disposal.mp4

08:33

012 Security-Controls-Data-Retention-Disposal.pdf

013 Defense-In-Depth (DID).mp4

08:14

013 Security-Controls-Defense-In-Depth-DID.pdf

014 Information Tainting.mp4

08:47

014 Security-Controls-Information-Tainting.pdf

015 Locked RoomsDevicesPorts.mp4

06:35

015 Security-Controls-Locked-Rooms-Devices-Ports.pdf

016 Media DowngradingRedacting.mp4

09:46

016 Security-Controls-Media-Downgrading-Redacting.pdf

017 Physical Media Protection.mp4

07:22

017 Security-Controls-Physical-Media-Protection.pdf

018 Provider Assessment and Monitoring.mp4

08:36

018 Security-Controls-Provider-Assessment-Monitoring.pdf

019 SecurityPrivacy Architectures.mp4

08:30

019 Security-Controls-Security-Privacy-Architectures.pdf

020 Security-Controls-System-Safe-Modes.pdf

020 System Safe Modes.mp4

08:35

021 Security-Controls-Thin-Diskless-Devices.pdf

021 ThinDiskless Devices.mp4

08:33

022 Security-Controls-Usage-Agreements.pdf

022 Usage Agreements.mp4

07:38

023 Security-Controls-Visitor-Controls.pdf

023 Visitor Controls.mp4

08:44

024 Outro.mp4

00:13

06 - Additional Module Pitching Technical Projects

001 01-Module-Intro.pdf

001 Introduction.mp4

02:50

002 02-Assembling-01-Intro.pdf

002 Assembling Introduction.mp4

02:15

003 02-Assembling-02-Actions-and-Implementation.pdf

003 Assembling Actions and Implementation.mp4

06:42

004 02-Assembling-03-Roles-and-Responsibilities.pdf

004 Assembling Roles and Responsibilities.mp4

06:02

005 02-Assembling-04-Scope-Framework-Roadmap.pdf

005 Assembling Scope, Framework, Roadmap.mp4

08:39

006 02-Assembling-05-Governance-Structures.pdf

006 Assembling Governance Structures.mp4

06:45

007 02-Assembling-06-Trackable-Metrics.pdf

007 Assembling Trackable Metrics.mp4

06:37

008 03-Presenting-01-Intro.pdf

008 Presenting Introduction.mp4

02:12

009 03-Presenting-02-Recency-and-Primacy.pdf

009 Presenting Recency and Primacy.mp4

07:35

010 03-Presenting-03-Leveraging-Specifics.pdf

010 Presenting Leveraging Specifics.mp4

07:56

011 03-Presenting-04-Displayed-Authority.pdf

011 Presenting Displayed Authority.mp4

07:05

012 03-Presenting-05-The-Heros-Journey.pdf

012 Presenting The Heros Journey.mp4

06:15

013 03-Presenting-06-Tiredness-and-Distraction.pdf

013 Presenting Tiredness and Distraction.mp4

06:06

014 04-Dealing-with-Objections-01-Intro.pdf

014 Dealing with Objections Introduction.mp4

02:28

015 04-Dealing-with-Objections-02-Flipping-and-Diagnosing.pdf

015 Dealing with Objections Flipping and Diagnosing.mp4

07:47

016 04-Dealing-with-Objections-03-UP-Answers.pdf

016 Dealing with Objections UP Answers.mp4

07:22

017 04-Dealing-with-Objections-04-Progress-and-Loss.pdf

017 Dealing with Objections Progress and Loss.mp4

08:05

018 04-Dealing-with-Objections-05-Political-Capital.pdf

018 Dealing with Objections Political Capital.mp4

05:01

019 05-Securing-Buy-In-01-Intro.pdf

019 Securing Buy-In Introduction.mp4

01:52

020 05-Securing-Buy-In-02-Implementation-and-Opinions.pdf

020 Securing Buy-In Implementation and Opinions.mp4

08:23

021 05-Securing-Buy-In-03-Tailored-Benefits.pdf

021 Securing Buy-In Tailored Benefits.mp4

06:10

022 05-Securing-Buy-In-04-Effort-Shaping.pdf

022 Securing Buy-In Effort Shaping.mp4

08:36

023 05-Securing-Buy-In-05-Future-Lock-In.pdf

023 Securing Buy-In Future Lock-In.mp4

06:38

024 06-Full-Run-Throughs-01-Intro.pdf

024 Full Runthroughs Introduction.mp4

02:36

025 06-Full-Run-Throughs-02-Pitching-PCI-DSS.pdf

025 Full Runthroughs Pitching PCI-DSS.mp4

08:39

026 06-Full-Run-Throughs-03-Pitching-Vendor-Assessments.pdf

026 Full Runthroughs Pitching Vendor Assessments.mp4

08:32

027 06-Full-Run-Throughs-05-Pitching-Data-Governance.pdf

027 Full Runthroughs Pitching Data Governance.mp4

08:34

028 06-Full-Run-Throughs-04-Pitching-Data-Management.pdf

028 Full Runthroughs Pitching Data Management.mp4

08:53

029 07-Module-Outro.pdf

029 Module Outro.mp4

02:30

07 - Bonus Lecture

001 Bonus Lecture.mp4

00:57

Description

Learn everything about the Payment Card Industry Data Security Standards, including assessment and the 12 requirements.

What You'll Learn?

You'll learn about the terminology essential to the PCI-DSS, such as CDE, CHD, SAD, PANs, SAQs, ROCs, QSAs, as well as other payment industry terms
You'll learn about the history of the PCI-DSS and its major revisions
You'll learn about how the assessment process works, with ROCs and SAQs, and a clarification of the 8 types of SAQs
You'll learn everything about Requirement 1, involving having a firewall configuration to isolate your card data, network documentation and more
You'll learn everything about Requirement 2, including changing vendor defaults, isolating server functionality and securing vulnerabilities in devices
You'll learn everything about Requirement 3 in terms of securing stored data, including encryption protocols, key lifecycle, key management and more
You'll learn everything about Requirement 4, protecting data in transit, including masking plaintext PANs and using strong encryption protocols such as WPA/WPA2
You'll learn everything about Requirement 5, in terms of preventing malware through an antivirus solution that is frequently updated and frequently runs scans
You'll learn everything about Requirement 6, in terms of developing securely, doing regular vulnerability assessment and patching
You'll learn everything about Requirement 7, in terms of limiting access to card data by "need-to-know", minimising who accesses it formally
You'll learn everything about Requirement 8, in terms of identifying access through unique user IDs, strong authentication and MFA, password practices and more
You'll learn everything about Requirement 9, in terms of physical security, visitor identification/authorisation, as well as media storage/transport/destruction
You'll learn everything about Requirement 10, in terms of having a logging solution, logging specific required events, specific data points, and log integrity
You'll learn everything about Requirement 11, in terms of doing regular AP (authorised + rogue) and IP audits, vulnerability testing, pentesting, etc
You'll learn everything about Requirement 12, in terms of having a company-wide InfoSec policy, including employee screening, third-party screening, etc

Who is this for?

You're any payment professional looking to know more about information security of card data

You're any InfoSec professional looking to know more about the information security requirements of the PCI-DSS

You're any payment professional that wants to better protect card data in their systems

What You Need to Know?

You don't need any prior knowledge (knowledge of the payment industry or InfoSec helps, but is NOT required)

More details

Description
SECUREÂ YOURÂ DATA, SECUREÂ YOURÂ KNOWLEDGE
You may know that payment fraud has risen over time, and unfortunately is not slowing down.
The PCI-DSS, or Payment Card Industry Data Security Standards, are a set of strict standards for any organisation dealing with card data.
They tell you how to store and transmit these data.
However, you'll hardly find a course that both covers the technical knowledge, but also practical applications and examples.
In short, most PCI-DSS courses are either only about the tech, or about the business.
If only you could find a course that combined both...
Well... that's what this course aims to change.

LETÂ MEÂ TELLÂ YOU... EVERYTHING
Some people - including me - love to know what they're getting in a package.
And by this, IÂ mean, EVERYTHING that is in the package.
So, here is a list of everything that this course covers:
You'll learn about the clarification of all terms used in the PCI-DSS, including what is the CDE, what is CHD, SAD, whether an organisation must take an ROC or SAQ, as well as some "general" payment industry terms such as what is an issuing bank and an acquiring bank;
You'll learn about the history of the PCI-DSS since 2004, with several iterations and its own release lifecycle;
You'll learn about the merchant assessment process, based on their classification from Level 1-4, and how both SAQs and ROCs work, as well as the 8 different types of SAQs, and the types of machines/merchants they target, including the SAQ-A and SAQ-A-EP, the SAQ-B and SAQ-B-IP, the SAQ-C and SAQ-C-VT, the SAQ-P2PE-HW, and finally, the most general SAQ-D;
You'll learn about the anatomy of a payment process, involving a cardholder and a merchant, from authorisation to authentication, clearing and settlement, and the role of the issuing bak, the acquiring bank and the card company;
You'll learn about an overview of all 12 PCI-DSS requirements, as well as their relationship with the 6 goals;
You'll learn all about Requirement 1Â (Have a Firewall), including firewall configurations and standards, documentation on network topology and card data flows, setting up a DMZ, rejecting unsecured traffic, and more;
You'll learn all about Requirement 2 (No Defaults), about removing default passwords/accounts/strings from devices, but also isolating server functionality and removing unnecessary ports/services/apps that may present vulnerabilities;
You'll learn all about Requirement 3 (Protect Stored Data), about using strong encryption to protect cardholder data, as well as having proper data retention policies, data purging, as well as masking plaintext PANs, not storing SAD, and using proper key management and key lifecycle procedures;
You'll learn all about Requirement 4 (Protect Transmitted Data), about using strong encryption when transmitting CHDÂ across public networks such as cellular or satellite, as well as masking plaintext PANs in transit, especially across IMÂ channels;
You'll learn all about Requirement 5 (Prevent Malware), about having an antivirus solution on all commonly affected computers in order to prevent malware, as well as access control policies to prevent disabling AV software;
You'll learn all about Requirement 6 (Develop Securely), about doing vulnerability ranking and timely patch installation for both internal and 3rd-party applications, as well as including security requirements in the SDLC, as well as training developers to protect against common exploits such as code injections, buffer overflows and many others;
You'll learn all about Requirement 7 (Need-to-Know Access), about limiting access to CHDÂ by personnel as much as possible, defining permissions by role, and having a formal mechanism for access control to consolidate this, such as LDAP, AD or ACLs;
You'll learn all about Requirement 8 (Identify Access), about tying each action to a unique user, including forcing unique IDs, automatic logouts on inactivity, lockouts on wrong password attempts, removing inactive accounts, limiting third-party access, forbidding the use of shared IDs, forcing physical security measures to be used only by the intended user, and more;
You'll learn all about Requirement 9 (Restrict Physical Access), about authorising and distinguishing visitors, enforcing access control to rooms with CHD, as well as the proper transport, storage and disposal of physical media containing CHD, with different sensitivity levels;
You'll learn all about Requirement 10 (Monitor Networks), about logging. Having a logging solution that is operating, logging specific events (such as all failed operations, all admin operations, all operations on CHD, etc), logging specific elements in each event (such as the user ID, the operation status, the affected resource, etc), as well as having a single time synchronisation mechanism for all logs, FIM (File Integrity Monitoring) on logs, frequent log review and proper log retention;
You'll learn all about Requirement 11 (Test Regularly), about performing regular scans for Access Points (APs), both authorised and non-authorised ones, as well as regular vulnerability scanning and regular penetration testing (from inside and outside, and multiple layers), as well as having FIM (File Integrity Monitoring) on all critical files, as well as having an IDS/IPSÂ (Intrusion Detection/Prevention System)Â to prevent attacks;
You'll learn all about Requirement 12 (Have an InfoSecÂ Policy), which covers roles, responsibilities and owners at levels of the organisation, including varied topics such as technology usage policies, employee screening, employee awareness, third-party selection criteria, regular risk and vulnerability assessments, among others;
You'll learn about a review of all 12 requirements and general patterns among them, such as "denying everything"Â by default, using common sense for certain parameters, enforcing change management on all changes, and always prioritising security (both logical and physical);

MYÂ INVITATIONÂ TOÂ YOU
Remember that you always have a 30-day money-back guarantee, so there is no risk for you.
Also, I suggest you make use of the free preview videos to make sure the course really is a fit. I don't want you to waste your money.
If you think this course is a fit and can take your fraud prevention knowledge to the next level... it would be a pleasure to have you as a student.
See you on the other side!
Who this course is for:
You're any payment professional looking to know more about information security of card data
You're any InfoSec professional looking to know more about the information security requirements of the PCI-DSS
You're any payment professional that wants to better protect card data in their systems

User Reviews

Rating

average 0

Total votes0

Focused display

I have what could be considered an unconventional background as a coach. I don’t come from psychology or medicine. In fact, I come from tech. I created two tech startups that reached million-dollar valuations, backed by the MIT-Portugal IEI startup accelerator, afterwards becoming its Intelligence Lead.After years of coaching and mentoring startup founders on talent management, emotional management, influence and persuasion, among other topics, I started being requested by executives and investors, like venture capitalists, with more complex, large-scale problems.After years of doing executive work, I started specializing in coaching asset management professionals. With the signing of my first fund manager/CIO clients, I started adapting my performance and influence techniques for purposes such as talent management for PMs and analysts, fundraising from allocators, effective leading a team, and properly assessing talent for compensation/promotion/allocation increases.I currently provide performance coaching and influence/persuasion coaching for executives and asset management professionals, mostly but not limited to purposes like managing people, leading and closing sales/capital commitments.

Vasco Patrício Executive Coaching

Instructor's Courses

Executive coaching for top C-Level excutives, VPs, and senior corporate leaders. Touching on topics ranging from talent management to leadership and others.We started by coaching startup founders (the project name at the time was The Rewired Founder, involving A-lister Silicon Valley founders and VC investors), and then pivoted to CEOs and executives.We mostly work with hedge fund managers and medical device CEOs, although we have done work with relevant executives in many other industries.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.