
SANS is the fastest way to go from an Information Security beginner to an Information Security guru.
-Dave Howard, Emerson

AUDIT 521

Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant

6 CPE Credits Per Day

The payment card industry has been working over the past several years to formalize a standard for the security practices required of organizations that process or handle payment card transactions. The fruit of this labor is the Payment Card Industry Data Security Standard (currently at version 1.2).

This standard, which started life as the Visa Digital Dozen, is a set of focused, comprehensive controls for managing the risks surrounding payment card transactions, particularly over the Internet. Of course, compliance validation is one of the requirements. This course was created to allow organizations to exercise due care by performing internal validations through a repeatable, objective process. While the course will cover all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured. Every student will leave the class with a toolkit that can be used to technically validate any PCI/DSS environment, along with the knowledge of how to use it.

WebScarab demo by David Hoelzer. Download will take several minutes. http://enclaveforensics.com/page6/files/page6-1000-pop.html

  • Who Should Attend
    • Managers overseeing PCI/DSS compliance
    • External auditors performing PCI/DSS validation
    • Security professionals operating in a PCI/DSS compliant environment
    • Internal auditors desiring to validate interim compliance
  • Sampling of Topics
    • Requirements for compliance
    • Compliance guidance for each control
    • Suite of tools for validating technical compliance
    • Explanation of alternative controls
    • Discussion of determining scope for compliance requirements

The industry knowledge of the SANS instructors is without compare and the free night courses add immeasurable value to the conferences.
-Ken Rode, Unapen, Inc.

Author Statement

This class is a lot of fun. In this short course we have the opportunity to examine a well-written security standard and wrap an easy-to-use tool kit around it, allowing anyone who comes to perform fairly advanced technical validations through an exceedingly simple process. I think that any organization that has to adhere to PCI, any organization that performs external compliance validations and even the people who are maintaining the standard in the payment card industry will see immense value from attending.
- David Hoelzer

AUDIT 521 :: Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant
  • Community SANS Dublin 2009: Dublin, Ireland, September 07, 2009 - September 15, 2009
  • SANS Future Visions 2009 Tokyo: Tokyo, Japan, July 15, 2009 - July 17, 2009
  • SANS OnDemand: Online Training & Assessments, Anytime
  • SANS SelfStudy: Books and .MP3s Only, Anytime