PROGRAM DESCRIPTION
Every organization storing, transmitting or processing cardholder data must comply with Payment Card Industry – Data Security Standard (PCI-DSS) standard. This compliance to the standard is required, regulated and enforced by payment service corporations, such as VISA, MasterCard and American Express, both directly and through their partnershipswith acquirer banks.
The standard itself is administered by PCI Security Standards Council (PCI SCC) aiming to decrease payment card fraud across the Internet and increase the security of confidential payment card information.
This two-day training course builds a clear understanding of the PCI-DSS and empowers attendees to plan and deploy a cost-effective, time-efficient compliance project.
PROGRAM OBJECTIVES
When the training ends, the participants are expected to:
- Understand PCI-DSS requirements
- Recognize how to protect cardholder data at work
- Familiarize with common back office scenarios
- Securely work with vendors
- Securely process payment card transactions on the phone and online
- Value best practices for handling payment card information
- Comprehend how to report an incident
- Know how to securely process payment card in person
- Understand how to respond to payment card fraud
PROGRAM CONTENT
NO |
TOPICS |
HOURS |
1 |
Understanding PCI-DSS Requirements, Objectives and Goals |
1 |
2 |
Comprehending Other PCI Standards and Programs |
1 |
3 |
Valuing Different Level of Compliance Needs for Merchants and Service Providers |
1 |
4 |
Identifying Common Fraudulent Practices |
1.5 |
5 |
Assessing Payment Card Security Features |
1.5 |
6 |
Identifying Card Security Features |
1.5 |
7 |
Identifying Payment Card Transaction Processes |
2 |
8 |
Knowing How to Protect Cardholder Data at Work and Point-of-Sale |
1 |
9 |
Knowing How Compliance and Incident Shall be Reported |
1 |
10 |
Identifying Retention, Access, and Distribution |
1.5 |
11 |
Valuing Work with Vendors |
1 |
12 |
Mastering 12 Standard Requirements |
2 |
TOTAL HOURS |
16 |
TRAINING METHODOLOGY
The course will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted for case studies, role-playing, and group discussion. Training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions.
TARGETED PARTICIPANTS
Individuals, professionals and organizations who are interested, involved or responsible for ensuring their organisations deployment and compliance to PCI-DSS standard technical and business requirements.
WORKSHOP LEADER :
Goutama Bachtiar
Goutama Bachtiar adalah : Advisor, Auditor, Konsultan, Trainer, Courseware Designer dan Penulis bidang Teknologi dan Sistem Informasi selama 17 tahun terakhir dengan spesialisasi di ranah IT Governance, Risk, Security, Assurance, Audit dan IT Management.
Saat ini beliau menjabat sebagai advisor beberapa perusahaan dan organisasi, Subject Matter Expert, Program Mentor, Editorial Journal Reviewer, Certification Exam (CISA, CGEIT, CISM, CRISC) dan Study Materials Developer di ISACA International Chapter, Subject Matter Expert dan Program Evaluator di PMI International Chapter, IASA, SABSA dan Open Group Global Working Group Member, Reviewer Panel di International Institute of Business Analysis (IIBA), Dosen Tamu di program pasca sarjana beberapa universitas di AS dan Indonesia (UTB, UI, IPB dan Binus), serta moderator, panelis dan pembicara di sejumlah konferensi, workshop dan seminar.
Sebagai auditor dan konsultan, telah memberikan layanan tersebut kepada 35 perusahaan dan organisasi. Puluhan sertifikasi internasional sudah diperolehnya sampai dengan saat ini.
Selain itu, beliau juga telah mengadakan dan memberikan pelatihan, perkuliahan, seminar, konferensi dan workshop sebanyak lebih dari 230 sesi dan 5500 jam lebih kepada sekitar 7500 peserta di Indonesia maupun luar negeri kepada lebih dari 70 perusahaan dan organisasi.
Sebagai penulis, sudah mengarang 2 buku dan 22 courseware serta sudah menulis, melakukan review dan editing atas 300 artikel, manuskrip, paper dan white paper seputar Telematika dan Manajemen di lebih dari 20 media, publikasi, organisasi, jurnal dan konferensi.