PCI DSS Training

PCI Training Description

Global Learning Systems provides PCI Training solutions to meet PCI DSS 12.6.1 standards and can help your organization stay compliant with the latest PCI Compliance requirements.

Payment Card Industry Data Security Standard (PCI DSS)

This course provides training to meet PCI DSS 12.6.1 compliance requirements and best practices for employees to follow on a daily basis.

The PCI DSS was developed by the major credit card companies (Visa, Mastercard, American Express, DiscoverCard, JCB International) to help organizations that handle credit card payments prevent card fraud, cracking, and other security threats. Any organization that processes, stores or transmits payment card data must be PCI DSS 12.6.1 compliant and provide PCI Training to avoid audits and fines, as well as the more serious effects of a breach.

The current PCI DSS standard is version 2.0, released on October 26^th, 2010.  PCI DSS version 2.0 adoption is a mandate for all organizations with payment card data as of January 1^st, 2011.  By January 1^st 2012, all assessments must also be under the version 2.0 standard of PCI DSS.  Version 2.0 has two new requirements and 132 changes. 

PCI DSS still has 12 requirements for compliance, organized into six groups called “control objectives.”  Other changes and enhancements fall under the category of clarification or additional guidelines. 

Here’s a list of the 12 PCI DSS Compliance requirements.  Requirement 12.6.1 and 12.6.2 are specifically tied to PCI Security Awareness Training and reporting for annual audits.

(Control Objective) Build and Maintain a Secure Network:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data:

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program:

Requirement 5: Use and regulary upate anti-virus software on all systems commonly affected by malware
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control:

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks:

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy:

Requirement 12: Maintain a policy that addresses information security

 

What are the PCI Training Requirements?

Under Section 12.6 of the Payment Card Industry (PCI) compliance requirements, organizations must “Implement a formal security awareness program to make all employees aware of the importance of cardholder data security,” including the following:

• 12.6.1. Educate employees upon hire and at least annually.
  • 12.6.1.a Verify that the security awareness program provides multiple methods of communicating awareness and educating employees.
  • 12.6.1.b Verify that employees attend awareness training upon hire and at least annually.
• 12.6.2 Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
  • Verify that the security awareness program requires employees to acknowledge in writing that they have read and understand the company’s information security policy. (Source: PCI)

Global Learning Systems PCI Trainingmeets PCI DSS 12.6.1 training requirements.

 

PCI Training

Security is everyone’s responsibility.

You need a strong PCI Training program to ensure a secure environment and avoid a breach.  The right training program can help you save time and money in the process

• Are you tired of using a spreadsheet to track your users?
• Are you tired of chasing everyone down to get their PCI training completed?

The PCI Training course is delivered in a fully hosted solution that provides quick, easy access for your users while providing you with one-button reporting and automated workflows for follow up communication!

Our PCI training course is interactive and engaging, with a professional look and feel that will keep your users from being bored without being cheesy or cartoonish.  We brand the whole PCI Training program for your organization and can even include your unique examples and images for a more personalized experience.

Our built in tracking measure your users’ retention of the PCI training material with knowledge checks, as well as tracks how much of the content is viewed.  So you are covered for your annual audit.

Our one-button reporting gives you fast insight into who has completed their PCI training course, is still in the process of taking it, or even who hasn’t started yet.  You can easily communicate with users in any report with another single click, or automate follow up so you have time to focus on more critical tasks. 

Each user who completes their PCI training course can print a personalized PCI training course certificate of completion. 

PCI TRAINING COURSE FEATURES

Off-the-shelf PCI training developed with you in mind.

The PCI training course is fully navigational, engaging and interactive, and includes built in knowledge checks with feedback.  Users can track their progress, as well as return to where they left off when they get interrupted. 

Our PCI DSS and Security Awareness training courses are designed to engage learners and keep their attention with real world scenarios, thought-provoking examples, and lots of interaction.

Each module has an introduction to the PCI training content about to be covered, an interactive set of lessons, and a knowledge check to measure retention. 

KeyStone references your unique policies or regulations and brands the course with your logo as part of our off-the-shelf PCI training solution.

The PCI training course takes the average user 45 minutes.  However, this course is 100% customizable, so the seat time can change to fit your requirements.

Our pricing fits any budget and scales unbelievably well for audiences of all sizes.

Complete roll out support includes PCI training course posters, newsletters, best practices, awareness campaigns, webinars, refresher modules, screensavers, wallpaper, and other reinforcement tools to help your users keep a secure environment, including a custom video from your management.

KeyStone also provides a PCI training refresher course, and Role Based training for your specialized security awareness training requirements.

Call today to find out how we can help you plan and implement a comprehensive PCI training campaign to meet PCI DSS 12.6.1 Compliance and foster a security-conscious environment.

 

PCI DSS 12.6.1 STANDARDS AND REGULATIONS

The PCI Training course meets all federal and industry compliance standards including PCI DSS 12.6.1 (version 2) and Section 508, as well as includes elements from the NIST/FISMA standards for general security awareness compliance.

Our PCI training course is designed to meet and exceed the topics required by federal and industry standards and regulations.  From deployment to tracking and reporting, KeyStone can help you pass your PCI DSS audit with ease.  So relax, we’ve got you covered! 

 

PCI TRAINING ACCESSIBILITY AND DIVERSITY

KeyStone's PCI Training course meets Section 508 requirements and takes into account a diverse population of global cultures. 

Our courses are designed to be easily understood and viewed by users of broad technical experiences.  Regardless of the hardware, software, or operating system your audience is using, our PCI Training course works on all major platforms.  So don’t worry about which version of flash or which browser your users have on their mac or pc.  We’ve got a compatible solution!

Our 25 years of experience serving the federal government and fortune 500 companies globally has been filled with a long, rich heritage of loyal customers and award-winning service.

 

PCI TRAINING AND SECURITY AWARENESS: PAST PERFORMANCE

KeyStone offers an entire library of PCI and security awareness courses to include role-based training for employees, supervisors, IT professionals, and other target groups in your organization.  Our award-winning solutions are used by many federal government and fortune 500 clients to meet compliance and ensure a secure environment.

With over 25 years of experience and a who’s who list of clients, KeyStone provides an unsurpassed record of past performance in the training, awareness, and compliance arena.  Our work speaks for itself.  Give us a call for a live tour of our solution, and we’ll be happy to show you what brings our clients back year after year.

 

FREE PCI TRAINING COURSE TRIAL ACCOUNT

Sign up for our PCI Training course trial account.  We are happy to provide qualified potential customers with a live tour and free trial account to test our solutions first hand. 

PCI Training Course Outline: (PCI DSS 12.6.1 Compliance)

We understand that employees have varying degrees of knowledge.  Our Information PCI Training course can be customized to meet your requirements and modules can be added or created as needed.

 

Audience: General Awareness (Role Based PCI and Security Awareness Training available as well)

Length: Choose between 20 and 45 minute versions

 

• PCI Training - Key Objectives: 
• To make users aware of PCI DSS and Compliance Requirements
• To teach users secure habits and best practices that will promote a secure environment
• To help your organization avoid a PCI security breach
• PCI Training to pass audit requirements for PCI DSS 12.6.1 Compliance.

 

PCI Training - Outline

PCI Training Course Length: 15-20 minutes, 45-50 minutes (with optional modules)

 

• PCI Training Introduction (5-6 minutes)
• Module Objectives
• What is PCI Compliance?
• How the Standard Applies to Everyone
• PCI Terminology

 

• PCI Training Guidelines (10-12 minutes)
• Module Objectives
• Organization Responsibilities
• Personal Responsibilities
• PCI Incidents
• Module Summary
• Knowledge Check

 

• PCI Training Threats and Mitigation Strategies (10-12 minutes)
• Module Objectives
• Consumer Concerns
• Securing Customer Data
• Point-of-Sale Best Practices
• Back Office Best Practices
• Module Summary
• Knowledge Check

 

• PCI Training for Social Engineering*
• Module Objectives
• Threats and Mitigation Strategies
• What is Social Engineering?
• Types of Social Engineering
• Avoiding Social Engineering
• Module Summary
• Knowledge Check

 

• PCI Training for Identity Theft*
• Introduction
• Module Objectives
• Threats and Mitigation Strategies
• What is Identity Theft?
• Identify Theft Methods
• Identity Theft Prevention
• Victim Recourse
• Module Summary
• Knowledge Check

 

 

* Note: These modules are recommended and are part of Global Learning Systems broader “Security Awareness Training and Compliance” curriculum.

 

 

Key Features of the PCI Training Solution

The PCI Training solution is easy to deploy, track, and manage. From complete roll out support to automated follow up and compliance reports for your audit, our highly effective solution gives you everything you need to pass your audit and avoid a breach. Learn about PCI, PCI training requirements, PCI DSS 12.6.1 Compliance requirements, and best practices.

• Interactive and engaging PCI Training content for general awareness (role based training also available)
• Branded to your environment
• Integrates your organization's PCI and Security policies and regulations
• Modular format for flexibility and 100% Customizable
• Standards and regulations compliant
• Section 508 Compliant - animation, audio, and text enhancements
• Pre and/or post tests with random questioning and learner feedback
• Created, written and reviewed by certified industry experts
• Online PCI Training testing and certification
• Includes personal PCI Training Certificate of Completion
• 20 and 45 minute versions available
• Fully hosted and SCORM / AICC compliant 
• Learning and Knowledgebase Management
  • Web-based course delivery
  • 24x7 secure access globally
  • Admin features, Tracking and Reporting
  • Single Sign-On, LMS user management, Learner Registration
  • Automated roll out and follow up
  • Easily add and edit custom policies and content
  • Email notification

 

Additional PCI Training Resources:

For information on our PCI Training assessments, marketing, and audit materials, please see the resource tab.

A PCI Training program you can afford:

KeyStone provides flexible pricing to fit any situation.  Whether you are a small organization or have over a hundred thousand users globally in multiple languages, we have a program to meet your needs. General licensing is on an annual basis with optional renewal, and multi-year contracts are available but not required.  

Single Sign-On for painless adoption of your PCI Training course. 

Single Sign-On (SSO) allows your Active Directory users to automatically log in and take training securely without having to enter a password.   SSO is based on Active Directory Federation Services (ADFS). 

• Allow AD users to seamlessly log in from your network
• Assign content using AD Groups
• Secure 256-bit SSL Encryption

PCI Training Compliance for PCI DSS 12.6.2

Effective measurement and reporting are critical elements to PCI Trainingcompliance for PCI DSS 12.6.1.

With over 25 years of experience and millions of users worldwide, GLS provides a world-class OnDemand learning portal for organizations of any size.

In a fresh, new platform that blends the best of Learning and Knowlegebase Management, GLS’s award-winning, proprietary OnDemand learning portal can be customized to meet your needs.  

The OnDemand learning portal is included with tier 1 access to the OnDemand platform through your annual compliance licensing, and that includes user management, tracking and reporting, and full access to all features.

ABOUT the OnDemand learning Portal

This self-service, branded, learning portal is available 24x7 and fully hosted on our secure global content delivery network. Robust and easily managed, our OnDemand portal includes innovative courseware management features, including: user, group, and course management; usage and completion reporting; knowledgebase articles; and access including user and administrator levels. In addition, the portal offers learner registration, web-based course delivery, reporting and tracking, pre- and post- tests (with random questions), course certificates, email notifications, secure report downloads, administration features, and batch update.

Specifically, the OnDemand learning portal includes the following:

• Robust and easily managed, this hosted, web-based Learning Management System includes innovative courseware management features.
• Complete, content-rich courses with a personalized Certificate of Completion
• One-button course reporting (client customizable)
• One-button communication with learners based on reports
• Course status (user progress)
• Automatic Course Bookmarking
• Courses are Section 508 compliant for disabled learners
• Audio and Video support tutorials for auditory and visual learners
• Workflow Feature – automate follow up to end users to ensure compliance
• Secure password authentication
• Scalable database architecture
• Custom Categories – build your own categories for customized knowledge base
• Custom Articles - add your own articles (content in Word, PPT, PDF, etc.)
• Ability to add quizzes / assessments and surveys.
• Custom Screencams – built in screencam capability.
• Enhanced user interface designed for rich-media (Flash, video, etc.) learning environment
• Four (4) user levels: Admin, Contributor, Helpdesk and User
• Active Directory (ADFS) single sign-on (SSO) user authentication through client’s enterprise environment
• Available 24x7, 365 days, globally, and provided in a secure, branded portal for a customized look and feel.
• Self-Help learning portal for true “just-in-time” training. Keyword search for true just-in-time training on any subject by topic and full-text in library.
• Intuitive and easy to use - even to adding custom content without software or development requirements.
• A PCI Training knowledgebase and glossary of terms including PCI DSS Version 2
• Helpdesk support features including tie-in to your existing support ticket or incident reporting system, easy assignment to user Quicklists, and quick capture of common "how to" support items for automated, video-based support.

 

---

Meet PCI DSS 12.6.1 compliance requirements while tracking and reporting organizational PCI Training.

KeyStone offers a fully hosted PCI Training program on our secure global content delivery network. Our OnDemand learning portal features learner registration, web-based course delivery, 24/7 access, student/management reporting and tracking, pre- and post- tests (with random questions), course certificates, email notifications, secure report downloads, administration features, and batch update.

KeyStone OnDemand offers an effective eLearning compliance program with over 2 decades of experience and eLearning focus behind it. With millions of users worldwide, KeyStone provides world-class content and learning management for organizations of any size.

Hosting for PCI Training

KeyStone can provide and fully host your PCI Training solutions, or you can implement internally in your own SCORM compliant LMS.

PCI Training Compliance should be easy - with KeyStone, it is.

Don’t stress out about how to implement PCI Training and get your population up to speed on a learning program. We provide an intuitive, easy-to-use platform that helps you get the training you need, when you need it, without the headaches.  Let GLS help you meet your PCI DSS 12.6.1 requirements.

As a global provider of PCI Trainingservices in the market place, we believe KeyStone is uniquely qualified to deliver PCI  Training to your audience.  We have identified key components that will help insure a successful outcome:

Interface Design – KeyStone is focused on developing the appropriate learning environments to facilitate learner navigation, comprehension of material and successful completion.  We have developed numerous creative and engaging instructional multimedia products in diverse content areas—all custom and off-the-shelf learning solutions for our clients. 

Demonstrated Past Performance in Security Training – KeyStone is a global provider of PCI security and compliance training and has significant experiencedelivering similar PCI Trainingprograms to large user populations within the Federal government and corporate training sectors. 

eLearning Focus – KeyStone is 100% focused on developing customized eLearning solutions for our clients, with a dedicated team of learning experts. We specialize in the development and delivery of enterprise-wide learning programs to diverse user groups.

OnDemand Learning and Courseware Management – KeyStone’s hosted OnDemand learning platform allows for the ability to support greater communication, awareness, compliance and tracking.  Customers experience effective turn-key and customized training solutions, as well as reaching compliancy within a couple of weeks. 

We partner our customers to plan and implement information PCI Training programs for all populations, including current staff, new employees, managers, IT professionals, and contractors, providing training needs analysis, strategic planning, training implementation and fully hosted solutions.

With over two decades experience delivering a wide range of customized training solutions, including PCI Training, security awareness training, sales and leadership training, lean 6 sigma and project management, KeyStone has an extensive resume of satisfied customers in every sector. We continue to provide highly innovative, flexible solutions with cutting edge technology, user-friendly delivery, and cost-effective process and are a leading provider of web-based PCI Training and security awareness solutions.

Past Performance: A proven track record

KeyStone has delivered solutions to organizations in all industries globally, including many Fortune 500 companies and federal agencies. Every solution is built on a comprehensive understanding of information security issues, best practices, 20 years of training and communication experience, and a unique understanding of utilizing media and technology for effective learning. We provide a content-rich solution which engages users through a combination of web-based, interactive Information security awareness training and ongoing security awareness campaigns to ensure a security-minded culture. Security is everyone’s responsibility, and we provide the knowledge and expertise to reduce threat by increasing each user’s understanding of potential threats and how to avoid them with good information security practices.

A Comprehensive PCI Training Program

KeyStone provides a comprehensive PCI Training solution with over 2 decades of past performance and industry acceptance.  Our PCI Training course meets PCI DSS 12.6.1 Compliance Standards for PCI DSS version 2.

Our library provides highly engaging and dynamic courses your learners will appreciate while remaining professional and geared toward the adult learner.  All of our courses include optional refresher versions, annual updates, and role based options for managers, IT professionals, and executives.

Award-Winning Support

KeyStone provides an unmatched level and quality of support.  Your enterprise-wide deployment, tracking, reporting, follow up, feedback, and continuing education are of utmost importance to us.  That’s why every member of our team, from the CEO down, is available and actively engaged in helping you get the support you need.  

At Global Learning Systems, we pride ourselves on meeting and exceeding your expectations.  Whether you need help with deployment, best practices, or LMS features, an experienced Project Manager is always a call or email away to help you get what you need quickly.  Our solution also includes a library of video tutorials and assets to help you quickly and easily find answers on demand. 

 

 

 

Customize your PCI Training

Every organization has unique needs and requirements.  Whether it’s simply tying in local policies and regulations, or adding completely custom modules for specific needs, we work with your team to provide a high quality product that meets your requirements.   Each course is 100% customizable, and with over 25 years of custom content experience, KeyStone can develop content quickly and efficiently, helping you stay in budget while delivering a high-end solution tailored to your organization.

PCI Training is designed for quick customization and rapid implementation.  We have unmatched experience in developing custom content for your requirements.

---

Standard Customization we provide with every PCI Training license includes:

• PCI Training brandedwith your unique title and logo
• Reference to your internal policies, regulations, and procedures
• Edit policies and security articles with the click of a button
• Employee responsibilities for PCI DSS Compliance (PCI DSS 12.6.1)
• Customized reporting for PCI DSS 12.6.1 Compliance
• Easy to deploy and manage, you can even add your own content!

---

Other PCI Training Customization options include:

• Role Based responsibilities
• Incident reporting policies and instructions
• PCI Training Best practices
• An introduction video and message from your management team
• PCI Policy agreement and tracking
• Real world examples relevant to your unique environment
• 100% Customizable content in our topics, modules and courses
• 100% Custom topics, modules, and courses

When it comes to PCI Training, you want a highly effective security awareness program to ensure user understanding and retention of security principles. KeyStone delivers engaging PCI Training content to organizations globally and knows how to reach your population’s interest while taking compliance a step beyond the check-mark and providing higher security awareness retention.

PCI Training Localization

KeyStone can localize PCI Training to your unique population.  We have provided training in over 18 languages globally and can translate both our off-the-shelf courses and your custom content to any language required.  We work with linguistic experts and certified translators to ensure your localization is in the right dialect and meets your unique needs. 

PCI Training Resources

Please enjoy these PCI Training resources.  We’re always updating this page and adding new resources, so check back often.

PCI Training Marketing Plan: 
Implement your security awareness culture

KeyStone is an award-winning provider of PCI awareness and education solutions.  Complete roll out support includes webinars, posters, quick reference guides, newsletters, localization, awareness campaigns, and videos from management.

PCI Training Communication Materials: 

KeyStone can provide PCI Training posters, InfoSec Newsletters, handouts, brochures and existing material customized to client’s specific requirements.

Sample PCI Compliance Posters

Customized PCI Training Management Flash/Video Intro: 

KeyStone can develop a short introduction segment (2-3 minutes), such as a management video to communicate the importance of the training and overall PCI Training Program. 

A complete compliance library for Role Based training

Our complete library includes role based training for IT administrators, Management, Executives, IT Professionals, and Programmers as well as courses on Privacy, PII, No Fear, e-Discovery, Ethics, Anti-Harassment, HIPAA, PCI DSS 12.6.1 and other compliances.

PCI DSS Version 2 (PDF)

PCI DSS Version 2 (PDF)