Sunday, February 17, 2013

PCI Workshop: Something for Everyone

I have received a few questions on the upcoming PCI Workshop, and I wanted to address them to avoid any misunderstanding.  Specifically, the Institute wants everyone to know that:

  • The PCIP education is part of the Workshop 
  • The PCI Workshop is for for business, finance, treasury, and everyone involved in PCI compliance 
  • Attendees do not need to take the PCIP exam; pursuing the credential (at a discount) is a bonus
  • There are parallel sessions for advanced PCI practitioners.  

Everyone in the Higher Ed community should understand what a great program the Treasury Institute has put together for you this year.

The first thing to know is that the PCI Professional (PCIP) education is included as part of the workshop.  There is no extra charge, and you do not have to register separately.  In past years the Institute always provided a half-day update and PCI refresher, which, with the morning PCI 101 session actually stretched to take up most of one full day.  This year we again have a full-day (Monday afternoon plus Tuesday morning) of in-depth PCI education.  The differences are that it will be delivered by the Director of Training for the PCI Security Standards Council (!), and it gives attendees the option (see below) of earning their PCIP credential.  The PCIP education is available to all attendees as part of the PCI Workshop.

I have pointed out that the normal cost of this education alone is more than twice what the Institute charges for the workshop.  It is, therefore, also a pretty great deal for attendees.  One reason for the great value is the fact that the Treasury Institute's not-for-profit status; the other reason is the generous sponsors.  We all need to be thankful for the great support of the PCI Workshop's sponsors listed on the registration page.

Someone saw that we had two tracks this year, and they questioned whether the PCI Workshop was still primarily focused on the Treasury Institute's core audience of finance, treasury, and business professionals.  The clear answer is: yes.  The PCIP education, for example is not exclusively IT-focused.  As the PCI Council states on its website, the training is "for industry professionals who demonstrate their expertise in and understanding of PCI standards."

The agenda (see below) has two tracks this year for the first time.  This change is in response to requests from attendees for separate sessions to address areas of primary interest to them.  The PCIP training is for everyone.  The separate sessions Tuesday afternoon offer one track that is more business process focused, and another that is more IT-focused.  My guess is that some attendees will go back and forth between sessions and tracks (which I plan to do, too!).

Another question I got was whether attendees had to take the PCIP examination.  The answer is a simple: no.  The choice of taking that test after the Workshop is entirely yours.  The PCI Council offers PCI Workshop attendees a discount (making the whole thing an even better deal!).  My guess is that many if not most attendees will want to leverage the opportunity to earn the PCIP credential.  However, if you only want the great education, that is fine and you and your institution are ahead of the game.

Lastly, what if you are already an Internal Security Assessor (ISA) or already have your PCIP?  The PCI Workshop is still for you. You can attend the PCIP education, and use it as a refresher (and get Continuing Education hours).  Or you can choose to attend the parallel, more advanced sessions.  We are having two tracks this year as you can see by the agenda (click here), so there is something for everyone.  I have been working with a number of Higher Ed professionals who have either or both their ISA and PCIP credentials, and they are looking forward to the PCI Workshop as much as anyone.

Bottom line: the Treasury Institute's PCI Workshop remains the premier event for Higher Education institutions to receive PCI DSS education.  I look forward to seeing many of you there.  Click Here to learn more, download the agenda, and register online.  

Wednesday, February 6, 2013

PCI SSC Cloud SIG Report Available February 7

The PCI Security Standards Council (PCI SSC) will release the PCI DSS Cloud Computing Guidelines Information Supplement on Thursday, February 7:
[The Cloud Computing Guidelines] zeroes in on the kinds of questions and considerations you should have in mind when picking a technology or service provider that will help you protect your card data in a cloud environment - and support PCI DSS.
The Guidelines are the result of the Cloud Computing Special Interest Group, and it is the third and final SIG report from the 2012 SIGs to be released.  You will be able to access the report at the PCI SSC's Documents Library when it is released.

BTW, if you are interested in participating in any of the 2013 SIGs, there is still time to learn more and sign up.  You can do that by clicking here to go to the SIG page on the PCI SSC's website.