Udemy
2022-04-30T19:40:29Z

Fundamentals of PCI-DSS

Learn everything about the Payment Card Industry Data Security Standard (PCI DSS), including the assessment process and the 12 requirements.
Bestseller
Rating: 4.6 out of 5 (176 ratings)
2,763 students
Created by Vasco Patrício, Vasco Patrício Executive Coaching
Last updated 11/2021
English

What you'll learn

  • You'll learn the terminology essential to the PCI-DSS, such as CDE, CHD, SAD, PAN, SAQ, ROC and QSA, as well as other payment-industry terms
  • You'll learn about the history of the PCI-DSS and its major revisions
  • You'll learn how the assessment process works, with ROCs and SAQs, and what distinguishes the 8 types of SAQ
  • You'll learn everything about Requirement 1: a firewall configuration that isolates the cardholder data environment, network documentation and more
  • You'll learn everything about Requirement 2: changing vendor defaults, running one primary function per server, and removing unnecessary services and insecure protocols from devices
  • You'll learn everything about Requirement 3: protecting stored data, including encryption, key lifecycle, key management and more
  • You'll learn everything about Requirement 4: protecting data in transit with strong cryptography (TLS over public networks; on wireless networks WPA2 rather than WEP) and never sending unprotected PANs over end-user messaging
  • You'll learn everything about Requirement 5: preventing malware with an anti-virus solution on commonly affected systems that is kept current and runs regular scans
  • You'll learn everything about Requirement 6: developing securely, with regular vulnerability assessment and patching
  • You'll learn everything about Requirement 7: limiting access to card data to "need-to-know", with formally defined and documented access
  • You'll learn everything about Requirement 8: identifying access through unique user IDs, strong authentication and MFA, password practices and more
  • You'll learn everything about Requirement 9: physical security, visitor identification/authorisation, and media storage/transport/destruction
  • You'll learn everything about Requirement 10: a logging solution, the events and data points that must be logged, and log integrity
  • You'll learn everything about Requirement 11: regular scans for wireless access points (authorised and rogue), vulnerability scanning, penetration testing, IDS/IPS and file-integrity monitoring
  • You'll learn everything about Requirement 12: a company-wide InfoSec policy, including employee screening, third-party screening and more

Requirements

  • You don't need any prior knowledge (knowledge of the payment industry or InfoSec helps, but is NOT required)

Description

SECURE YOUR DATA, SECURE YOUR KNOWLEDGE

You may know that payment fraud has risen over time and, unfortunately, is not slowing down.

The PCI-DSS, or Payment Card Industry Data Security Standard, is a set of strict requirements for any organisation that stores, processes or transmits card data.

It tells you how that data must be protected at rest and in transit.

However, you'll hardly find a course that covers both the technical knowledge and its practical application, with examples.

In short, most PCI-DSS courses are either only about the tech, or only about the business.

If only you could find a course that combined both...

Well... that's what this course aims to change.




LET ME TELL YOU... EVERYTHING

Some people - including me - love to know what they're getting in a package.

And by this, I mean, EVERYTHING that is in the package.

So, here is a list of everything that this course covers:

  • You'll learn the definitions of all terms used in the PCI-DSS, including the CDE, CHD and SAD, whether an organisation must complete a ROC or an SAQ, and some general payment-industry terms such as issuing bank and acquiring bank;

  • You'll learn about the history of the PCI-DSS since 2004, with several iterations and its own release lifecycle;

  • You'll learn about the merchant assessment process, based on merchant classification into Levels 1-4, how both SAQs and ROCs work, and the 8 different types of SAQ and the payment channels and merchant types each targets, including the SAQ-A and SAQ-A-EP, the SAQ-B and SAQ-B-IP, the SAQ-C and SAQ-C-VT, the SAQ-P2PE-HW, and finally the most general SAQ-D;

  • You'll learn about the anatomy of a payment, involving a cardholder and a merchant, from authentication and authorisation to clearing and settlement, and the roles of the issuing bank, the acquiring bank and the card brand;

  • You'll learn about an overview of all 12 PCI-DSS requirements, as well as their relationship with the 6 goals;

  • You'll learn all about Requirement 1 (Have a Firewall), including firewall configurations and standards, documentation on network topology and card data flows, setting up a DMZ, rejecting unsecured traffic, and more;

  • You'll learn all about Requirement 2 (No Defaults): removing default passwords, accounts and SNMP community strings from devices, running one primary function per server, and removing unnecessary ports, services and applications that may present vulnerabilities;

  • You'll learn all about Requirement 3 (Protect Stored Data): rendering stored PANs unreadable with strong cryptography, data retention policies and purging, masking PANs when displayed, never storing SAD after authorisation, and proper key-management and key-lifecycle procedures;

  • You'll learn all about Requirement 4 (Protect Transmitted Data): using strong cryptography when transmitting CHD across open, public networks such as the internet, wireless, cellular or satellite, and never sending unprotected PANs over end-user messaging such as e-mail, IM or SMS;

  • You'll learn all about Requirement 5 (Prevent Malware), about having an antivirus solution on all commonly affected computers in order to prevent malware, as well as access control policies to prevent disabling AV software;

  • You'll learn all about Requirement 6 (Develop Securely), about doing vulnerability ranking and timely patch installation for both internal and 3rd-party applications, as well as including security requirements in the SDLC, as well as training developers to protect against common exploits such as code injections, buffer overflows and many others;

  • You'll learn all about Requirement 7 (Need-to-Know Access), about limiting access to CHD by personnel as much as possible, defining permissions by role, and having a formal mechanism for access control to consolidate this, such as LDAP, AD or ACLs;

  • You'll learn all about Requirement 8 (Identify Access): tying every action to a unique user, including unique IDs, automatic session timeouts on inactivity, lockouts after repeated wrong passwords, removal of inactive accounts, limits on third-party access, no shared IDs, and ensuring tokens, smart cards and certificates are assigned to a single user;

  • You'll learn all about Requirement 9 (Restrict Physical Access), about authorising and distinguishing visitors, enforcing access control to rooms with CHD, as well as the proper transport, storage and disposal of physical media containing CHD, with different sensitivity levels;

  • You'll learn all about Requirement 10 (Monitor Networks), which is about logging: having a logging solution that is operating, logging specific events (all failed operations, all admin operations, all operations on CHD, etc.), logging specific elements in each event (user ID, operation status, affected resource, etc.), a single time-synchronisation source for all logs, FIM (File Integrity Monitoring) on logs, frequent log review and proper log retention;

  • You'll learn all about Requirement 11 (Test Regularly), about performing regular scans for Access Points (APs), both authorised and non-authorised ones, as well as regular vulnerability scanning and regular penetration testing (from inside and outside, and multiple layers), as well as having FIM (File Integrity Monitoring) on all critical files, as well as having an IDS/IPS (Intrusion Detection/Prevention System) to prevent attacks;

  • You'll learn all about Requirement 12 (Have an InfoSec Policy), which covers roles, responsibilities and owners at all levels of the organisation, including varied topics such as technology usage policies, employee screening, employee awareness, third-party selection criteria, regular risk and vulnerability assessments, among others;

  • You'll learn about a review of all 12 requirements and general patterns among them, such as "denying everything" by default, choosing sensible values where the standard leaves parameters to the organisation, enforcing change management on all changes, and always prioritising security (both logical and physical);
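
As an added example, not part of the course or of the PCI SSC's own materials: a small Python script that applies the Requirement 3 masking rule (PCI DSS v3.2.1 Requirement 3.3 allows at most the first six and last four digits of a PAN to be displayed) and scans log lines for unmasked PANs, the kind of leak that turns a log server into part of the CDE under Requirements 3 and 10. The log format, the sample lines and the card numbers are constructed for the example (the numbers are industry test card numbers, not real accounts); the Luhn check is there to discard order and reference numbers that merely look like PANs.

```python
import re

# PCI DSS v3.2.1 Requirement 3.3: when a PAN is displayed, show at most the
# first six and last four digits (v4.0 widens the leading part to the BIN, up
# to the first eight). These defaults follow the v3.2.1 rule.
MASK_FIRST = 6
MASK_LAST = 4

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample log lines for this example (assumed key=value format;
# the card numbers are industry test numbers, not real accounts).
SAMPLE_LOG_LINES = [
    "2021-11-02T10:15:01Z user=alice action=auth status=ok pan=4111111111111111",
    "2021-11-02T10:15:02Z user=bob action=refund status=ok order=1234567890123456",
    "2021-11-02T10:15:03Z user=carol action=lookup status=ok pan=411111******1111",
    "2021-11-02T10:15:04Z user=dave action=export status=fail pan=5555 5555 5555 4444",
]


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; rejects most 16-digit order/reference numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, first: int = MASK_FIRST, last: int = MASK_LAST) -> str:
    """Return the PAN masked per Req 3.3: first six and last four visible."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return digits[:first] + "*" * (len(digits) - first - last) + digits[-last:]


def find_pans(text: str) -> list:
    """Return unmasked, Luhn-valid PANs in text (digits only, separators removed)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def scrub_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a log line with its masked form."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_mask, line)


def audit_log(lines: list) -> list:
    """Return (1-based line number, PANs) for every line carrying an unmasked PAN."""
    hits = []
    for n, line in enumerate(lines, 1):
        pans = find_pans(line)
        if pans:
            hits.append((n, pans))
    return hits


if __name__ == "__main__":
    for n, pans in audit_log(SAMPLE_LOG_LINES):
        print(f"line {n}: unmasked PAN(s) {pans}")
        print("  scrubbed:", scrub_line(SAMPLE_LOG_LINES[n - 1]))
```

Running it flags lines 1 and 4 (the already-masked PAN on line 3 and the non-Luhn order number on line 2 are left alone) and prints each offending line with the PAN reduced to first six/last four. The candidate regex is deliberately loose and the Luhn test does the filtering; in a real deployment the scrubbing would sit in the log pipeline before the data is written, since a PAN that has reached disk already has to be handled as stored CHD.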




MY INVITATION TO YOU

Remember that you always have a 30-day money-back guarantee, so there is no risk for you.

Also, I suggest you make use of the free preview videos to make sure the course really is a fit. I don't want you to waste your money.

If you think this course is a fit and can take your fraud prevention knowledge to the next level... it would be a pleasure to have you as a student.

See you on the other side!

Who this course is for:

  • Payment professionals who want to know more about the information security of card data
  • InfoSec professionals who want to know more about the information security requirements of the PCI-DSS
  • Payment professionals who want to better protect card data in their systems

Instructors

Vasco Patrício
The Executive Kingmaker (MIT-Backed Entrepreneur & Coach)
  • 4.5 Instructor Rating
  • 2,521 Reviews
  • 101,373 Students
  • 71 Courses

I have what could be considered an unconventional background as a coach. I don’t come from psychology or medicine. In fact, I come from tech. I created two tech startups that reached million-dollar valuations, backed by the MIT-Portugal IEI startup accelerator, afterwards becoming its Intelligence Lead.


After years of coaching and mentoring startup founders on talent management, emotional management, influence and persuasion, among other topics, I started being requested by executives and investors, like venture capitalists, with more complex, large-scale problems.


After years of doing executive work, I started specializing in coaching asset management professionals. With the signing of my first fund manager/CIO clients, I started adapting my performance and influence techniques for purposes such as talent management for PMs and analysts, fundraising from allocators, effectively leading a team, and properly assessing talent for compensation/promotion/allocation increases.


I currently provide performance coaching and influence/persuasion coaching for executives and asset management professionals, mostly but not limited to purposes like managing people, leading and closing sales/capital commitments.

Vasco Patrício Executive Coaching
Founder psychology and startup optimization
  • 4.5 Instructor Rating
  • 397 Reviews
  • 101,167 Students
  • 2 Courses

Executive coaching for top C-level executives, VPs, and senior corporate leaders, touching on topics ranging from talent management to leadership and others.

We started by coaching startup founders (the project name at the time was The Rewired Founder, involving A-lister Silicon Valley founders and VC investors), and then pivoted to CEOs and executives.

We mostly work with hedge fund managers and medical device CEOs, although we have done work with relevant executives in many other industries.

© 2022 Udemy, Inc.