Training Roadmap - Best Practices for Payment Application Companies
Visa has outlined security best practices that acquirers, merchants and agents should review and insist their payment application vendors, integrators and resellers fully adopt in order to promote stronger security processes that go beyond Payment Application Data Security Standard (PA-DSS) compliant software. Recent payment card data compromises have demonstrated the critical need for these payment application companies to maintain mature software processes for their customers.
In an effort to help payment application companies safeguard their customers' data through the implementation of Visa's Top 10 Best Practices for Payment Application Companies, Visa has worked with The SANS Institute to deliver the most comprehensive training available at favorable rates. The table below outlines SANS-instructed courses that provide critical knowledge areas for Visa's Top 10 best practices that payment application companies should possess and continue to enhance.
Click on the course numbers at the top of the chart or any of the colored dots to find out more about each of the courses and to register for training.
If you have additional questions or would like to discuss training solutions for larger groups, please e-mail: firstname.lastname@example.org
|•||Topic Fundamentals - Suggested for developers and security staff who require thorough covereage of secure coding and testing practices|
|•||Language/platform specific - Select the language/platforms that match your solution|
|•||Deep dive into specific topic/language/platform - Appropriate for principal and senior level developers/security testers|
|•||Recommended for anyone implementing, managing or auditing in a PCI environment|
|•||At least one Technical program manager, compliance officer or ISO should attend in order to be able to establish internal governance standards and effective control systems to provide long term assurance.|
|Domain||Best Practices||DEV |
|Organizational Security||1||Background Checks||•|
|2||Software Security Training and Certification||•||•||•||•||•||•|
|Mature Software Development||3||Common SDLC||•||•||•||•||•||•|
|Product Vulnerability Management||5||Application tests and code reviews||•||•||•||•||•||•||•||•||•||•||•|
|6||ID applications that store critical data||•||•||•|
|Secure Implementation||7||Service Level Agreements for PA-DSS|
|8||Installer / Integrator certification and training||•||•||•||•||•|
|Emerging Payment Technologies||9||Data encryption and tokenization||•||•||•|
|10||Dynamic data solutions||•||•|