WEBVTT

00:00:00.000 --> 00:00:07.415
(Music) Hello.

00:00:07.415 --> 00:00:08.331
My name is John Elliott.

00:00:08.331 --> 00:00:14.504
Welcome to the course, PCI DSS: Securing Data, Systems, and Applications.

00:00:14.504 --> 00:00:15.185
In this course,

00:00:15.185 --> 00:00:19.816
I bring together the theoretical knowledge of PCI DSS requirements 5 and 6,

00:00:19.816 --> 00:00:23.885
along with the practical experience of how the standard really works.

00:00:23.885 --> 00:00:25.186
And I'm Jacob Ansari.

00:00:25.186 --> 00:00:28.487
I'm a Qualified Security Assessor or QSA with Schellman and Company,

00:00:28.487 --> 00:00:32.503
and I'm qualified to assess many of the PCI standards including PCI DSS,

00:00:32.503 --> 00:00:34.330
PA DSS, and PDPD.

00:00:34.330 --> 00:00:37.225
I've been an assessor for 14 years and have been doing this

00:00:37.225 --> 00:00:39.454
since the predecessor standards to PCI DSS.

00:00:39.455 --> 00:00:43.069
In this course we will firstly look at the DSS requirement to have

00:00:43.069 --> 00:00:46.031
antivirus or antimalware software installed on any system that can

00:00:46.031 --> 00:00:48.451
affect the security of cardholder data.

00:00:48.451 --> 00:00:51.438
And then we're going to talk about three of the most important

00:00:51.438 --> 00:00:53.459
security needs: vulnerability management,

00:00:53.459 --> 00:00:55.802
change control, and application security.

00:00:55.802 --> 00:00:59.749
This is the area where organizations most often fail and therefore

00:00:59.749 --> 00:01:02.447
how criminals break in to steal cardholder data.

00:01:02.448 --> 00:01:06.120
For each PCI DSS requirement, I'm going to cover what the standard says,

00:01:06.120 --> 00:01:09.037
what it means, and what will be assessed by a QSA.

00:01:09.037 --> 00:01:12.203
Then Jacob and I will discuss some of the key practical

00:01:12.203 --> 00:01:15.197
aspects of getting compliant and being assessed.

00:01:15.197 --> 00:01:15.713
Ideally,

00:01:15.713 --> 00:01:19.443
you'll already understand the basics of payment card processing and PCI DSS,

00:01:19.443 --> 00:01:22.211
but if you just want to get to grips with the requirement,

00:01:22.211 --> 00:01:24.671
you'll be able to jump straight in with no problems.

00:01:24.671 --> 00:01:25.804
By the end of this course,

00:01:25.804 --> 00:01:27.975
you'll have a great understanding of both the theory and the

00:01:27.975 --> 00:01:30.870
practice to help you implement the PCI DSS requirements that

00:01:30.870 --> 00:01:33.262
apply to securing logical assets.

00:01:33.262 --> 00:01:36.547
We do hope you will join us to learn the theory and practice behind

00:01:36.547 --> 00:01:41.643
PCI DSS requirements 5 and 6 with the Securing Data, Systems, and

00:01:41.643 --> 00:01:45.542
Applications course here at Pluralsight.
