

What is PCI DSS?

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.

PCI Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that mirror security best practices.

The goal of the PCI DSS is to protect cardholder data and sensitive authentication data wherever it is processed, stored or transmitted.


Who is Required to Comply with the PCI DSS?

The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If a person or entity accepts or processes payment cards, PCI DSS applies to that person or entity.


What are the Goals and Requirements of the PCI DSS?

The PCI DSS v3.2.1 outlines six major goals as follows:

  • Build and Maintain a Secure Network and Systems
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

It also contains twelve major requirements, in addition to 79+ sub-requirements, as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

Don’t try to manage it all alone! Linqs has extensive experience in compliance with the PCI DSS requirements.

We can assist you with training, policy and procedure development, and help implement your information security management system compliant with the PCI DSS requirements.

