PCI DSS: Securing Data, Systems, and Applications
Requirements 3 to 6 of PCI DSS version 3.2.1 are to protect cardholder data and maintain a vulnerability management program. You'll understand what each requirement asks for and discover practical guidance from experienced PCI assessors.
What you'll learn
The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Securing Data, Systems, and Applications, you’ll learn how to interpret PCI DSS requirements 3 through 6 and apply them to your organization. First, you’ll learn how PCI DSS wants stored cardholder data to be protected. Next, you’ll explore the requirement to encrypt cardholder data in transit and the requirement to protect systems against malware. Then, you’ll take a look at the largest requirement in PCI DSS which is to develop and maintain secure systems and applications. Finally, you’ll discover practical insights about all four requirements from experienced PCI assessors. When you’ve finished with this course, you'll have the skills and knowledge to apply PCI DSS requirements 3 through 6 to an organization’s environment and to determine whether it is compliant with the demands of the standard.
Table of contents
- Navigating the PCI DSS Standards 6m
- Requirement 3.1 3m
- Requirement 3.2 5m
- Requirement 3.3 2m
- Requirement 3.4 8m
- Requirement 3.5 6m
- Requirement 3.6 11m
- Requirement 3.7 1m
- Why Do People Store Cardholder Data? 2m
- Retention Periods and Data Deletion 3m
- Storing Sensitive Authentication Data 1m
- Masking and Truncation of Cardholder Data 5m
- Data Compromises Involving Stored Data 4m
- Compensating Controls for Requirements 3.1 to 3.3 1m
- Protecting Stored PANs – Truncation & Tokenization 12m
- Encrypting Cardholder Data 11m
- Cryptography, Breaches and the Problems with Full Disk Encryption 5m
About the authors
John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S... more