PCI Training and Summit
- Training on PCI Compliance - 28-29 SEP
- Summit on What Works in PCI - 27 SEP
Location: Caesars Palace in Las Vegas

Training Roadmap - Best Practices for Payment Application Companies


Visa has outlined security best practices that acquirers, merchants and agents should review and insist their payment application vendors, integrators and resellers fully adopt in order to promote stronger security processes that go beyond Payment Application Data Security Standard (PA-DSS) compliant software. Recent payment card data compromises have demonstrated the critical need for these payment application companies to maintain mature software processes for their customers.

In an effort to help payment application companies safeguard their customers' data through the implementation of Visa's Top 10 Best Practices for Payment Application Companies, Visa has worked with The SANS Institute to deliver the most comprehensive training available at favorable rates. The table below outlines SANS-instructed courses that provide critical knowledge areas for Visa's Top 10 best practices that payment application companies should possess and continue to enhance.

Click on the course numbers at the top of the chart or any of the colored dots to find out more about each of the courses and to register for training.



Click For Upcoming Opportunities For Training

If you have additional questions or would like to discuss training solutions for larger groups, please e-mail: pci@sans.org

Topic Fundamentals - Suggested for developers and security staff who require thorough coverage of secure coding and testing practices
Language/platform specific - Select the language/platforms that match your solution
Deep dive into specific topic/language/platform - Appropriate for principal and senior level developers/security testers
Recommended for anyone implementing, managing or auditing in a PCI environment
At least one Technical program manager, compliance officer or ISO should attend in order to be able to establish internal governance standards and effective control systems to provide long term assurance.
Courses (chart columns): DEV 320, SEC 401, MGT 411, DEV 522, SEC 504, SEC 505, AUD 507, AUD 521, DEV 534, DEV 536, DEV 541, SEC 542, DEV 543, DEV 544, DEV 545, SEC 560

Domain and Best Practices (chart rows):

Organizational Security
1. Background Checks
2. Software Security Training and Certification

Mature Software Development
3. Common SDLC
4. PA-DSS compliance

Product Vulnerability Management
5. Application tests and code reviews
6. ID applications that store critical data

Secure Implementation
7. Service Level Agreements for PA-DSS
8. Installer / Integrator certification and training

Emerging Payment Technologies
9. Data encryption and tokenization
10. Dynamic data solutions
