PCI Education By PCI Security Council – Courses, Titles, Benefits
Posted on November 5, 2010
Ven North asked:
The PCI Security Council is a standard-setting and compliance training arm for the consortium of the top five payment card processors: Mastercard, Visa, American Express, Discover Card, and Japan Credit Bureau. The Council’s role is to set common standards for the security of online transactions that the five founding companies approve of and promote to the banks that offer payment cards with any of the 5 logos. The banks, in turn, can demand that these PCI requirements be fulfilled by the merchants and online service providers that they have accounts with.
To provide PCI education for online security compliance services that help individual merchants and online service providers set up their systems to be secure and compliant, the PCI Security Council provides several courses and corresponding certificates. These PCI training courses are named after the titles the participants acquire after they pass the corresponding test at the end of the course. Each of the titles will allow the participant to provide some component of PCI compliance auditing.
The PCI education training titles available are: QSA, PA-QSA, ASV, ISA.
QSA training – become a Qualified Security Assessor
By attending this course and passing its final exam, a person becomes a Qualified Security Assessor. During the course of the year, QSAs are allowed to provide PCI DSS (PCI Data Security Standard) compliance audits, using the PCI compliance checklist, to companies that process payment cards online. QSAs must be re-certified annually, and PCI DSS compliance audits must be executed annually as well. QSAs are allowed to run their own PCI compliance service business.
PA-QSA training – become a Payment Application Qualified Security Assessor
This course will prepare you to work with software companies who produce payment card processing software. You will be certified to assess compliance of such software companies with the PCI PA-DSS standard. Adherence of the software to this standard means that the software is designed to securely process payment cards. PA-QSAs must be re-certified yearly.
ASV training – become an Approved Scanning Vendor
Besides the annual PCI DSS compliance audits, companies must also perform quarterly scans of their internet-facing connections for security vulnerabilities of any sort. These scans must be performed by ASVs, and you can become qualified to offer PCI scans to companies by passing the ASV exam after receiving the ASV training. ASVs must be re-certified yearly.
ISA training – become an Internal Security Assessor
This title makes sense for larger companies only. When your company has many PCI DSS certifications to pass, you can have an employee with IT experience attend the ISA training with the PCI Security Council and pass the ISA training exam. The exam is very similar in scope to the QSA training exam, and becoming an ISA will allow you to execute PCI security audits internally without needing to seek help from sources outside the company.
