Fundamentals of PCI-DSS
https://DevCourseWeb.com
Last updated 12/2022
Created by Vasco Patrício,Vasco Patrício Executive Coaching
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, 2 Ch
Genre: eLearning | Language: English + srt | Duration: 79 Lectures ( 11h 22m ) | Size: 3.76 GB
Learn everything about the Payment Card Industry Data Security Standards, including assessment and the 12 requirements.
What you'll learn
You'll learn about the terminology essential to the PCI-DSS, such as CDE, CHD, SAD, PANs, SAQs, ROCs, QSAs, as well as other payment industry terms
You'll learn about the history of the PCI-DSS and its major revisions
You'll learn about how the assessment process works, with ROCs and SAQs, and a clarification of the 8 types of SAQs
You'll learn everything about Requirement 1, involving having a firewall configuration to isolate your card data, network documentation and more
You'll learn everything about Requirement 2, including changing vendor defaults, isolating server functionality and securing vulnerabilities in devices
You'll learn everything about Requirement 3 in terms of securing stored data, including encryption protocols, key lifecycle, key management and more
You'll learn everything about Requirement 4, protecting data in transit, including masking plaintext PANs and using strong encryption protocols such as WPA/WPA2
You'll learn everything about Requirement 5, in terms of preventing malware through an antivirus solution that is frequently updated and frequently runs scans
You'll learn everything about Requirement 6, in terms of developing securely, doing regular vulnerability assessment and patching
You'll learn everything about Requirement 7, in terms of limiting access to card data by "need-to-know", minimising who accesses it formally
You'll learn everything about Requirement 8, in terms of identifying access through unique user IDs, strong authentication and MFA, password practices and more
You'll learn everything about Requirement 9, in terms of physical security, visitor identification/authorisation, as well as media storage/transport/destruction
You'll learn everything about Requirement 10, in terms of having a logging solution, logging specific required events, specific data points, and log integrity
You'll learn everything about Requirement 11, in terms of doing regular AP (authorised + rogue) and IP audits, vulnerability testing, pentesting, etc
You'll learn everything about Requirement 12, in terms of having a company-wide InfoSec policy, including employee screening, third-party screening, etc
Requirements
You don't need any prior knowledge (knowledge of the payment industry or InfoSec helps, but is NOT required)