Security West 2013

San Diego, CA | Tue, May 7 - Thu, May 16, 2013

AUD521: Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant

The payment card industry has been working over the past several years to formalize a standard for security practices that are required for organizations that process or handle payment card transactions. The fruit of this labor is the Payment Card Industry Data Security Standard (currently at version 2.0).

This standard, which started life as the Visa Digital Dozen, is a set of focused, comprehensive controls for managing the risks surrounding payment card transactions, particularly over the Internet. Of course, compliance validation is one of the requirements. This course was created to allow organizations to exercise due care by performing internal validations through a repeatable, objective process. While the course will cover all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured. Every student will leave the class with a toolkit that can be used to technically validate any PCI/DSS environment, along with the knowledge of how to use it.

Course Syllabus
AUD521.1: Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant
Instructor: David Hoelzer
Schedule: Wed May 15th, 2013, 9:00 AM - 5:00 PM
Overview

On the first day of this class we will cover some of the history of the PCI and discuss the various compliance tiers that the standard defines. Time will also be spent covering some of the items that your organization should take care of before attempting to implement or comply with PCI. A detailed discussion of the PCI requirements will follow, with a particular focus on measurable technical controls.

CPE/CMU Credits: 6

 
AUD521.2: Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant
Instructor: David Hoelzer
Schedule: Thu May 16th, 2013, 9:00 AM - 5:00 PM
Overview

Day two of the PCI/DSS course picks up with requirement four of the PCI/DSS standard. Some of the major highlights for this day include a testing system for SSL configuration and certificates within our environment, validating protection of cardholder information in web transactions, and web application analysis. Students will have the opportunity to perform hands-on testing of a live web environment using a set of specially developed tools and methods. By the end of this day, those attending will be prepared to perform technical validations of the most important technical requirements in the standard.

CPE/CMU Credits: 6

 
Additional Information
 
  Laptop Required

Audit 521 requires that you bring a laptop that meets the following minimum requirements. If your system does not meet these minimum requirements, it is likely that you will have difficulty completing the hands-on portion of the course.

  • DVD drive
  • 10 Gigabytes of free hard disk space
  • 2 Gigabytes of RAM
  • Processor running at 2 Gigahertz or higher
  • Windows XP, Vista, 7, or 8
  • Local administrator rights on the operating system

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 

Author Statement

This class is a lot of fun. In this short course we have the opportunity to examine a well-written security standard and wrap an easy-to-use tool kit around it, allowing anyone who comes to perform fairly advanced technical validations through an exceedingly simple process. I think that any organization that has to adhere to PCI, any organization that performs external compliance validations and even the people who are maintaining the standard in the payment card industry will see immense value from attending.

- David Hoelzer