E-learning Course: GDPR Safeguarding Personal Data with PCI DSS

PCI DSS basics
The PCI ecosystem
Why is PCI DSS important?
Examples: Information security breaches
Consequences of non-compliance
Exercise: Do you know?
You make the call: Fact or fiction?
How PCI DSS works
PCI DSS merchant levels
You make the call: Distinguishing between merchant levels
The goals of PCI DSS
You make the call: PCI DSS goals and requirements
Requirement 12: Maintain an information security policy
You make the call: Developing the security policy
Requirement 1: Install and maintain a firewall
Exercise: Rules for firewalls and router configurations
Requirement 2: Don't use defaults for system passwords and other security parameters
Examples: Malware
Requirement 3: Protect stored cardholder data
Key features of payment cards
You make the call: Rules for storing payment card data
You make the call: Taking action with payment card data
Masking the PAN and other payment card data
When is masking required?
Exercise: Applying the rules
Requirement 4: Encrypting the transmission of cardholder data
Safeguarding cardholder data with encryption

Maintaining a vulnerability management program
Requirement 5: Use and regularly update anti-virus software
Taking preventive action against malware
Scenario: Rajan's systems maintenance 1
Scenario: Rajan's systems maintenance 2
Requirement 6: Develop and maintain secure systems and applications
Exercise: Maintaining secure systems and applications
Exercise: Change control best practice
Access control measures
Requirement 7: Restrict access to cardholder data by business need to know
Exercise: Access control
Requirement 8: Assign a unique ID to each person with computer access
You make the call: Identifying and authenticating access to cardholder data
Exercise: Passwords
You make the call: Authentication
Password Pitfalls
Requirement 9: Restricting physical access to cardholder data
Requirement 9: Restricting physical access to cardholder data
Exercise: Physical access
Exercise: Procedures for visitors
Exercise: Signs of tampering
Recap of the key rules
Monitoring and testing networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Test security systems and processes
You make the call: Penetration testing

Duration	Approximately 30 minutes
Audience	Suitable for all staff - includes examples and interactivities designed for staff at all levels and best practice do's and don'ts for managers
Prerequisites	No previous knowledge or experience required
Design	SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet
Assessment	Ten-question assessment
Test-out	Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment
iExpress	Supplementary four-minute iExpress interactive video provided to create awareness and interest about the topic
Deployment	AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC
Compatibility	All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility)
Tailoring	Fully customisable on Skillcast Portal CMS
Translation	Pre-translated versions not available, but all text content can be exported for translation into all languages
Localisation	Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary

Safeguarding Personal Data with PCI DSS