PCI DSS: Restricting Access to Cardholder Data

Focused View

Jacob Ansari

2:06:24

101 View

1 - Course Overview

1. Course Overview.mp4

01:50

2 - Requirement 7

1. Navigating the PCI DSS Standards.mp4

04:33

2. Requirement 7.1.mp4

04:10

3. Requirement 7.2.mp4

01:26

4. Requirement 7.3.mp4

00:41

5. Strategies for Success with Requirement 7.mp4

04:46

6. Where Requirement 7 Goes Wrong.mp4

00:46

7. What Is an Access Control System_.mp4

01:54

8. The Second QSA Assessment, Compromises, and Compensating Controls.mp4

02:28

3 - Requirement 8

1. Requirement 8.1.mp4

08:01

2. Requirement 8.2.mp4

07:05

3. Requirement 8.3.mp4

02:44

4. Requirement 8.4.mp4

01:02

5. Requirement 8.5.mp4

02:05

6. Requirement 8.6.mp4

00:47

7. Requirement 8.7.mp4

01:16

8. Requirement 8.8.mp4

00:57

9. Understanding the User Life Cycle and Service Accounts.mp4

04:31

10. Passwords and Password Managers.mp4

05:10

11. Multi-factor Authentication and Jump Hosts.mp4

04:03

12. SSH Keys and MFA.mp4

01:58

13. Typical Identification and Authentication Failures.mp4

03:10

14. Database Access Restrictions (Requirement 8.7).mp4

02:16

15. Assessment Failures, Crummy MFA, and Data Compromises.mp4

03:47

4 - Requirement 9

1. Requirement 9.1.mp4

08:13

2. Requirement 9.2.mp4

01:13

3. Requirement 9.3.mp4

01:21

4. Requirement 9.4.mp4

02:55

5. Requirement 9.5.mp4

01:35

6. Requirement 9.6.mp4

03:25

7. Requirement 9.7.mp4

01:48

8. Requirement 9.8.mp4

02:52

9. Why QSAs Fixate on Physical Requirements.mp4

02:49

10. The Labelling Media Myth.mp4

01:08

11. CCTV, Legal Constraints, and Outsourced Data Centers.mp4

02:32

12. Physical Security & Data Breaches, and Assessments.mp4

04:29

5 - Requirement 9.9

1. Requirement 9.9.mp4

06:22

2. Requirement 9.10.mp4

01:04

3. The Scope and Challenges of Requirement 9.9.mp4

06:56

4. Risk, Tethering, and Defining Periodic for Different Types of Merchants.mp4

04:48

5. Managing Access to Cardholder Data.mp4

01:28

Description

Requirements 7, 8 & 9 of PCI DSS version 3.2.1 are to Implement Strong Access Control Measures for logical and physical cardholder data. You'll understand what each requirement asks for and discover practical guidance from experienced PCI assessors.

What You'll Learn?

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Restricting Access to Cardholder Data, you’ll learn how to interpret PCI DSS requirements 7, 8 & 9, and apply them to your organization. First, you’ll learn how PCI DSS wants role-based access and based on least privilege and need to know. Next, you’ll explore the long and prescriptive requirements about username, passwords and multi-factor authentication. Then you’ll take a look at the requirements related to the protection of cardholder data in physical format – written in paper and saved to electronic media. Finally, you’ll discover practical insights about both requirements from experienced PCI assessors. When you’ve finished with this course you will have the skills and knowledge to apply PCI DSS requirements 7, 8 and 9 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Cyber Security

Network Security

Information Security

Jacob Ansari

Instructor's Courses

Jacob Ansari worked on Pluralsight courses that cover the topic of PCI DSS Standards.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.