
Hey all,

Curious what others are currently doing for PCI DSS training. Did you purchase something or did you build your own?

If home grown, is your training online or in-person training?

If purchased, what solution did you go with and are you happy with it?

Thanks,
Doug

Comments

Doug, we bought training from Vigitrust for PCIDSS and then also required a very basic security awareness training that we generated in house - both modules are online. Please feel free to contact me off-list with questions about the Vigitrust training.

- Eva

Eva Lorenz, Ph.D., J.D., ITILv3F
ITS Security
UNC Chapel Hill

Message from dcochran@scippinternational.org

That depends on which PCI-DSS training you are inquiring about.  Training on PCI-DSS itself, training on secure web-application development (section 6) and / or security awareness training for those folks who are charged with protecting, processing, storing or transmitting the credit card data (section 12).

 

Which one(s) are you interested in hearing about?

 

Don Cochran | Vice President

SCIPP International | 1964 Gallows Road, Suite 320 | Vienna, Virginia 22182

+1 703.637.4422 (Direct) | +1 703.599-0666 (Cell) | +1 703. 637-4371 (Fax)

www.SCIPPinternational.org

 

"The Security Awareness Certification Company"

 

 

 

We are using Trustwave

Joel

--On Friday, March 30, 2012 12:28 PM +0000 Doug Markiewicz wrote:

> Hey all,
>
> Curious what others are currently doing for PCI DSS training. Did you purchase something or did you build your own?
>
> If home grown, is your training online or in-person training?
>
> If purchased, what solution did you go with and are you happy with it?
>
> Thanks,
> Doug

Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

Message from aperry@murraystate.edu

We purchased AUDIT 521:(PCI-DSS Compliance) from SANS, which was listed as updated for PCI-DSS 2.0. However, on closer inspection of the material it didn't feel as though it was completely updated. SANS confirmed this and has since, I believe, removed it from the catalog.

The PCI council has a session coming up in Las Vegas in April that includes the QSA certification exam at the end. https://www.pcisecuritystandards.org/training/non_certification_training.php However, we've heard from some folks that it may not be as in depth as is needed.

Also, we are attending a PCI-DSS workshop in Indianapolis April 23-25 by the Treasury Institute for Higher Education. http://www.treasuryinstitute.org/pages/PCI%7B47%7DDSS-Workshop-2012.html

Up to our ears in SAQs!

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry@murraystate.edu

***MSU Information Systems staff will never ask for your password or other confidential information via email.***




On Mar 30, 2012, at 09:10, Joel Rosenblatt wrote:

> We are using Trustwave

We are also using Trustwave.

-Dan

Message from allenathome@sbcglobal.net

ANX. Training is good. Customer service is improving.

Allen

L. Allen Mundt
"If you fail a test in life, you'll face it time and time again until you pass it. The stakes keep getting higher if you don't learn how to pass." Dawn Staley

I believe ours is homegrown and it is online.

Carolann G Lazarus, CISA
lazarus@buffalo.edu
716-829-6947

We got ours as part of the package from the folks that provided QSA and consulting services.

Quinn R Shamblin
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523

IU uses Trustwave's Security Awareness Education as well.

--chad

Chad Marcum
Payment System Security Analyst
Office of the Treasurer
Indiana University

Thanks all for the suggestions. To answer Don's question, just looking at options to satisfy section 12 requirements. We have a general security awareness course that touches on cardholder data as part of a broader list of "restricted" data but our consultant seems to think it's not sufficient. I think I agree though I do contend that I'm satisfying the letter of the standard.