1
00:00:00,680 --> 00:00:08,960
The PCI Data Security Standard is for organizations that handle credit cards from the major card schemes.

2
00:00:10,880 --> 00:00:19,160
Basically, PCI is a set of rules to follow if your company processes payments. The type of data that is

3
00:00:19,160 --> 00:00:28,980
supposed to be protected by PCI compliance are things like cardholder names, PINs, and account numbers.

4
00:00:29,120 --> 00:00:36,110
The first PCI standard, PCI 1.0, was released in 2004.

5
00:00:36,560 --> 00:00:41,370
The latest version is PCI 3.2.

6
00:00:41,630 --> 00:00:47,570
The latest requirements can be found on the PCI Security Standards website.

7
00:00:47,600 --> 00:00:49,900
Currently there are 12 requirements.

8
00:00:52,510 --> 00:00:57,960
To view the detailed PCI security standards document from the home page,

9
00:00:58,030 --> 00:01:11,670
you can actually click on Document Library and then click on View Document for PCI DSS version 3.2.

10
00:01:11,940 --> 00:01:17,100
Click on PCI DSS. For the cyber ops exam,

11
00:01:17,100 --> 00:01:27,150
you of course do not need to memorize the entire PCI DSS document, but I would at least go over the high

12
00:01:27,150 --> 00:01:37,350
level overview of the 12 PCI DSS requirements and commit those to memory, and also make sure you know

13
00:01:37,700 --> 00:01:42,940
the different types of cardholder data listed on page 7.

14
00:01:43,170 --> 00:01:45,760
So those are two big things that I would focus on.

15
00:01:46,020 --> 00:01:48,960
Of course, go through the whole guide.

16
00:01:48,960 --> 00:01:55,140
There is some really good stuff about network segmentation as well as best practices for implementing

17
00:01:55,170 --> 00:01:55,890
PCI.

18
00:01:59,280 --> 00:02:10,630
Really, the best way to be PCI compliant is to create a dedicated PCI environment for any PCI systems.

19
00:02:10,680 --> 00:02:16,530
Then you only have to maintain PCI compliance for a small portion of your network.