Security awareness training is a critical component of PCI DSS compliance. Ensuring that all employees, including those not directly involved in payment card processing, understand the importance of safeguarding sensitive cardholder data is mandatory for nearly every organization across the world. Role-based training from SANS keeps all employees up to date on the latest security threats and best practices as they relate to each individual’s compliance responsibilities.
What is PCI DSS?
Download our tip sheet to learn more about the PCI Data Security Standard and how you can achieve and maintain compliance while mitigating the human factor.
- Why the standard was created and who it serves
- Which organizations are required to be compliant
- Differences between the technical controls and human controls required
- How security awareness training contributes to compliance
Tailored PCI DSS Training for Every Role
In this course, a selection of up to seven animated modules can be assigned based on the unique roles and responsibilities of the members of your organization. As you choose the training that's right for each person, you can be confident that employees will not be overtrained and that the curriculum will relate appropriately to each learner's responsibilities. Each module in the course is authored by SANS subject-matter experts and leverages the engaging and effective learning format users expect from SANS Security Awareness.
Role-based modules include
Module Name | Description | Typical Roles |
---|---|---|
PCI DSS Introduction | Introduces PCI DSS, a set of standards for protecting cardholder data. Covers the definition of cardholder data, technical and operational requirements, and best practices for compliance. | All employees. |
PCI DSS for Application Development Teams | Equips development teams with PCI DSS compliance skills focused on network security, secure software practices, and regular monitoring. | E-commerce web developers, application development team members, and database or enterprise developers. |
PCI DSS for Customer-Facing Employees | Empowers frontline staff to protect cardholder data during transactions and highlights the importance of reporting unusual activities. | Customer sales and support staff, cashiers, payment processors, and customer service representatives. |
PCI DSS for Managers | Provides managers with tools to enforce PCI DSS compliance, such as limiting data access, secure access approvals, and compliance collaboration. | Team leads, executives, department managers, directors, store managers, vendor managers, and customer experience specialists. |
PCI DSS for Back-Office Employees | Empowers back-office staff to protect cardholder information with emphasis on error reporting and maintaining a secure environment. | Accounting and finance staff, customer service representatives, and research analysts. |
PCI DSS for IT System Administrators | Details PCI DSS compliance for system administrators, covering security control implementation and compliance monitoring. | Systems administrators, service and repair specialists, computer systems analysts, and IT administrators. |
PCI DSS for IT Network Administrators | Guides network administrators on PCI DSS compliance, focusing on network security, system configurations, and encryption protocols. | Network administrators, network engineers, and IT support staff. |
When training focuses on job-specific compliance measures, employees are more likely to retain and apply what they learn because it is directly applicable to their daily work activities. Role-based PCI DSS compliance training can help organizations reduce the risk of privacy and data breaches and improve compliance more efficiently and effectively.