The PCI Council has introduced a series of instructor-led PCI Awareness training courses for 2011, the first of which will take place in San Francisco on February 18. Another in-person training seminar is slated for March 11 in London.
“The awareness training is intended for anybody who wants to learn more about PCI”, said Bob Russo, general manager of the PCI Council. He told Infosecurity that the courses contain four modules that cover all PCI basics, including how the payment system operates straight through to how PCI works and why it is important to be compliant.
“It’s an inclusive type of training for management”, he continued, especially for managers who lack a working knowledge of what PCI compliance entails, or its value to the business.
Those interested can sign up for instructor-led, in person training sessions, or take advantage of the Council’s online compliance awareness training. The PCI Council will be holding two webinars the week of Feb 21 to discuss its training sessions for 2011.
The PCI Council released version 2.0 of the PCI DSS in October 2010, which went into effect in January of this year and allows merchants an entire year to transition their compliance processes to be in line with the new standard.
Russo said he expects supplemental guidance to be issued by the council over the next year, as new data security technologies emerge, including advice on point-to-point encryption, tokenization, using the standards in a virtualized environment, and using the standards in the cloud.
“We can say confidently that [PCI compliance] is the best defense you will have against a breach, but by no means is this the ceiling”, Russo added. “This is basically the minimum you should be doing – anything you can add to it is an additional layer that makes it more secure.”