• Classroom
Course Description

This session gives the attendee an overview of conducting technology-based Information Security Risk Assessments that aid in meeting PCI guidelines and provide benefit to the enterprise. This course is designed to provide insight for anyone participating in their company's risk assessment process.

During the next three days we will explore and discuss the vulnerabilities and controls associated with various topics, focusing on those related to the protection of credit card data. The session will discuss conducting the annual review of the risk universe, how to create the risk scenario for unknown risks, the best places to inject risk assessments into existing IT processes for maximum benefit, vulnerabilities and controls for various emerging topics, and how to write or rewrite policies to compensate for emerging technologies.

There will be a series of breakout sessions throughout the course to reinforce key concepts and share ideas.

After completing this session, the participants will be able to:

  1. Describe the importance of Risk Governance and the Information Security Risk Management Program
  2. Identify changes to the organization's Risk Universe
  3. Develop Risk Scenarios
  4. Conduct Risk Identification, Analysis and Evaluations
  5. Track and Report on Risk
  6. Monitor the Information Security Risk Management Program

This course is only available on-site at your location.

Learning Objectives

  • Day 1:
    1. Introduction to Risk Management and Assessment Considerations for PCI
    2. Considerations for accepting payments from Agents, Employees and Clients
    3. Risk Identification and Risk Universe from the PCI Perspective: Internal Network, Infrastructure as a Service, Voicemail, Call Recording/CTI,
    4. Document Repositories and Collaboration Tools, Messaging/Chats, Email, etc.
    5. Risk Identification Exercise, Discover Your Risk Universe
    6. Risk Scenario Development
    7. Scenario Exercise, Developing Scenarios for PCI Vulnerabilities
    8. Risk Analysis
  • Day 2:
    1. Risk Analysis Exercise, PCI Data in Non-PCI Network Segments
    2. Risk Evaluation
    3. Risk Evaluation Exercise, Scenario Continued
    4. Business Impact Analysis Overview
    5. BIA Exercise, Determine Impact of Evaluation Results
    6. CBA and Business Case and Action Plans
    7. Building a Business Case Exercise, Resolving PCI Gaps
  • Day 3:
    1. PCI Requirements 1-6 Review and Associated Control Development
    2. PCI Requirements 7-12 Review and Associated Control Development
    3. Control Exercise
    4. Risk Monitoring and Reporting
    5. Risk Monitoring and Reporting Exercise, Maintaining PCI Compliance
    6. Course Review and Q&A

Framework Connections