Tuesday, February 16, 2010

PCI Training

Getting good PCI training is critical for anyone involved in getting their campus(es) compliant with PCI DSS. As most of you know (I hope!) the Treasury Institute offers a 3-day PCI Workshop annually. The next one will be May 3-5 this year in Indianapolis (click here to learn more). The Institute has also offered a 1-day PCI Workshop twice.

The PCI Council offers 2-day PCI training based on the course required for each Qualified Security Assessor (QSA). According to the Council:
This is a 2-day training course based directly on the PCI SSC Qualified Security Assessor (QSA) training program. Attendees will learn what the QSAs learn so they can better prepare for an on-site PCI DSS assessment or perform the assessment internally. This is not a certification course.

The course will cover: PCI Program, Scoping a PCI DSS Assessment, PCI DSS v1.2 Requirements and Compensating Controls
You can learn more and get the current schedule here on the Council's website.

The two programs are different. The Institute's workshop is focused on the unique needs of Higher Education and it features case studies and great networking with other schools. The Council's training is very technical in nature and provides a wider perspective on issues across industries and possible approaches.

Visa used to offer a 2-day course also modeled on QSA training, but I don't see that on their website currently. If you are interested in this, check with your acquiring bank. They have to register you anyway.

You could arrange for a PCI trainer to come to your campus and conduct customized training for you. This can have cost advantages since it minimizes travel and registration costs. You also can have different staff attend those parts more appropriate to their jobs. I've seen great examples at individual schools who make it part of a "security day." It can also work well for groups of schools that are part of a common university system.

Whatever way - or ways - you choose, compare costs, compare approaches, and get yourself trained. It pays great dividends.

No comments:

Post a Comment