Security awareness training is a critical component of PCI DSS compliance. Ensuring that all employees, including those not directly involved in payment card processing, understand the importance of safeguarding sensitive cardholder data is mandatory for most every organization across the world. Role-based training from SANS keeps all employees up-to-date on the latest security threats and best practices as they relate to each individual’s compliance responsibilities.
What is PCI DSS?
Download our tip sheet to learn more about the PCI Data Security Standard and how you can achieve and maintain compliance while mitigating the human factor.
- Why the standard was created and who it serves
- Which organizations are required to be compliant
- Differences between the technical controls and human controls required
- How security awareness training contributes to compliance
How Role-Based PCI DSS Training Works
Role-based modules include
| Module Name | Description | Typical Roles |
|---|---|---|
| Introduction to PCI DSS | What is PCI DSS, how can organizations demonstrate compliance, and who benefits from this set of standards? | Applies to all roles |
| PCI DSS for Customer-facing Teams | Addressing the specific requirements of customer-facing employees in relation to the objectives of the PCI DSS standard. | customer sales and support, cashier, payment processor, customer service representative. |
| PCI DSS for Back-office Teams | Concentrates on requirements specific to the processing of cardholder data in roles that do not interface directly with customers. | analyst, product manager, customer support, virtual assistant, and marketing specialist |
| PCI DSS for System Administrators | Reviews the PCI DSS objective's requirements as they relate to IT system administrators. | systems administrator, service and repair specialist, computer systems analyst, and IT administrator |
| PCI DSS for Network Administrators | Understand the consequences related to network security in relation to PCI DSS compliance. | network administrator; network architect; and service desk analyst. |
| PCI DSS for Application Development | Maintain the development of software applications in accordance with PCI DSS while incorporating information security throughout development life cycles. | ecommerce web developer, application development team member, and database or enterprise developer. |
| PCI DSS for Managers | Designed to enable management roles to develop best practices by empowering teams to protect cardholder data effectively. | department manager, store manager, vendor manager, customer experience specialist. |
By focusing on job-specific compliance measures, employees are more likely to retain and apply the training knowledge because they are directly applicable to their daily work activities. Role-based PCI DSS compliance training can help organizations reduce the risk of privacy and data breaches and improve compliance more efficiently and effectively.