There was a 133% increase in breaches in 2018 compared to 2017, as per the breach level index published by a leading digital security provider. While payment security compliance levels are increasing, detection and response capabilities have not kept pace with the growing threats.
Timely incident detection and response is a crucial element. SISA payment forensics labs, which conducted over 24 investigations in 2017 and 30 investigations in 2018, observed that all these breaches except one came to light through third-party reporting. In other words, breached organizations did not identify any of these incidents themselves, leading to reputational damage and huge financial losses.
Payment security frameworks, including PCI DSS and SWIFT CSF, emphasize that organizations should have a proper incident detection and response program, and survey reports indicate that over 82% of organizations do not have staff trained to identify such incidents.
CPIDR is a program designed by SISA for IT security staff who manage payment systems at a retailer, bank or processor. They are typically from the networking team, the infrastructure team, the application support team or the IT security team doing security monitoring. The program trains these teams to identify, detect and appropriately respond to such incidents.
The target participants for this workshop are teams and managers from IT, Information Security, and Security Operations Center.
Note: Certified Payment-Security Incident Detector and Responder (CPIDR) is an independent payments industry certification offered by SISA (https://www.sisainfosec.com) for payment security professionals, relating to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is managed and developed by the PCI Security Standards Council (PCI SSC), which provides its own PCI DSS training and certification programs. SISA is not affiliated with or endorsed by PCI SSC.
For more information about PCI SSC and the PCI DSS visit: https://www.pcisecuritystandards.org.
- Introduction to the Payments World
- Overview of the Payment Risks
- Threat Hunting
  - Hands-on exercise
- Incident Response
- Incident Containment
- Closing Discussion
  - 10 Steps to be taken during a payment breach
  - Compliance Requirements as per Regulatory Mandates
Training Mode: Interactive, workshop style with case studies
CPIDR Certification: Online Exam (One-hour)
- Basic knowledge of reviewing audit trails and logs
- Basic knowledge of memory analysis
- Working knowledge of MS Excel
- A laptop with MS Excel is mandatory for the workshop
Renju Varghese Jolly
CPIDR Authorised Trainer
PCI QSA, Core PFI, ISO 27001 LA
Renju leads the MDR division and is the VP – Delivery at SISA. He is a Core Payment Forensic Investigator approved by the PCI Council, has handled several forensic investigation audits, and has successfully implemented PCI compliance programs at leading banks, third-party processors, IT, BPOs, and payment gateways. He has also conducted several workshops on payment security across the world.
Some of his key accomplishments:
- Second PCI QSA in the region
- First VISA PIN Assessor in the region
- Core Payment Forensic Investigator
- Master CPISI Trainer (PCI DSS Implementation Workshop)
- Certifications: PCI QSA, PA QSA, P2PE QSA, PCI Forensic Investigator (PFI), PCI PIN Security Assessor, CISA, CISSP, GIAC Certified Forensic Analyst