On the 7th November, the Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the PCI Data Security Standard. The seasoned IS veterans out there may have noticed that, on first inspection, there appears to be little difference between v2.0 and the new, improved PCI DSS v3.0.
We have of course been spending time upgrading our PCI Training courses and if you scratch the surface of PCI DSS v3.0, you will see there are some significant new requirements that will particularly affect larger merchant retailers and service providers (always!). This includes those with a large estate of PIN entry devices, who are required to periodically inspect all devices for tampering or substitution by criminals. Other significant requirements include the need to maintain more accurate information on the PCI-compliant services supplied by third parties and the need to implement a more effective penetration testing methodology. Clarification on internal and external testing is particularly welcome, as I have always been confused about the scale and scope of these requirements.
The updated PCI Foundation and PCI Implementation & Maintenance classroom training courses are scheduled to first run in London on 14-16th of January. Delivered by an experienced PCI Qualified Security Assessor (QSA), they provide the knowledge needed to plan and implement a complete programme of activities that fully satisfy the requirements of PCI DSS. They also provide a structured learning path from Foundation to Advanced level and award qualifications from the International Board for IT Governance Qualifications (IBITGQ).