Society of Payment Security Professionals

CPISM Training and Exam Seminar

Wed, 10 Jun 2009 17:29:54 GMT

CPISM Training and Exam Seminar
Start Date: 19-Aug-09 8:30 AM
End Time: 21-Aug-09 2:00 PM
Location: StayBridge Suites Denver International Airport, Denver, CO 80249
Speaker:

Event Details:

The rapid influx of regulation from all directions has created a need for professionals that understand both the business objectives of the industry at large as well the security and privacy issues facing the industry. To date, the marriage of these two skills has been difficult to evaluate. In order to address the need to identify professionals that understand both the industry as a whole as well as the pressing security issues the industry faces, the Society of Payment Security Professionals created the Certified Payment-Card Industry Security Manager (CPISM).

The CPISM is directed towards those individuals involved in data security compliance projects in the Payments Industry. The material assessed is crucial for project managers, compliance and risk managers, as well as for more technical staff in the Payment Card Security Industry.

SPSP has partnered with StayBridge Suites to provide facilities and rooms for the training seminars. We have negotiated a discounted rate of $119 per night for a one bedroom suite. To reserve your room, call 303-574-0888 and mention the Society of Payment Security Professionals. The room rate deadline is August 2, 2009 at 3 PM. To get more information about the hotel, please visit their website.

StayBridge Suites Denver International Airport

6951 Tower Rd

Denver, CO USA 80249

CPISA Training and Exam Seminar

Wed, 10 Jun 2009 17:15:02 GMT

CPISA Training and Exam Seminar
Start Date: 18-Aug-09 8:30 AM
End Time: 21-Aug-09 2:00 PM
Location: StayBridge Suites Denver International Airport, Denver, CO 80249
Speaker:

Event Details:

In conjunction with the CPISM is the Certified Payment-card Industry Security Auditor (CPISA) certification. The CPISA focuses on information technology, information security, and auditing knowledge and skills. Along with the requirements for the CPISM designation, candidates will complete an additional examination that will test proficiency with the various aspects of approximately twenty skills.

Examinees will need to understand information security concepts such as access control models, cryptographic models and their uses, security management practices, security architecture, application and system security, and physical security. Examinees will need to understand auditing concepts that are applicable to relevant laws and standards within the payment card industry. These include identification of types of sensitive data (NPI, PII, PI, Cardholder Data) related to relevant regulations. Examinees will also be expected to understand the requirements related to auditing organizations and systems against the following standards: PCI DSS, SB1386, MPCSA, PA DSS.

SPSP has partnered with StayBridge Suites to provide facilities and rooms for the training seminars. We have negotiated a discounted rate of $119 per night for a one bedroom suite. To reserve your room, call 303-574-0888 and mention the Society of Payment Security Professionals. The room rate deadline is August 2, 2009 at 3 PM. To get more information about the hotel, please visit their website.

If you have already earned your CPISM certification and would like to sit for the CPISA, please contact us before registering.

StayBridge Suites Denver International Airport

6951 Tower Rd

Denver, CO USA 80249

Inoculation and End to End Encryption

noemail@https://paymentsecuritypros.com — Mon, 01 Jun 2009 13:00:00 GMT

Inoculation & End to End Encryption

1-Jun-09 7:00 AM

An Analysis on the Hearings before the Sub-Committee on Emerging Threats, Cybersecurity, and Science and Techology; "Do the PCI Standards Reduce Cybercrime?"

noemail@https://paymentsecuritypros.com — Sun, 05 Apr 2009 00:00:00 GMT

Analysis of Congressional hearing on PCI DSSSince 1999, the Payment Card Industry has worked towards the implementation of standardized security practices to protect cardholder data. In 2001, Visa US debuted the Cardholder Information Security Program (CISP) on the heels of Visa International’s release of the Account Information Security (AIS) program. Within a year, MasterCard International debuted their own security program, the Site Data Protection (SDP) program. While each of these programs had similar goals, they employed different security standards and validation requirements. In 2006, the card brands created the Payment Card Industry Security Standards Council (PCI SSC) and debuted the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS was a cooperative effort at creating minimum standard for the security of cardholder data. The new Standard was to be managed by the Payment Card Industry Security Standards Council (PCI SSC), a newly formed consortium of five major card brands - Visa, Inc., MasterCard Worldwide, American Express, Discover Financial and JCB. The PCI SSC was created on a similar model as the Europay, MasterCard, Visa (EMV) model that introduced Chip & PIN technology.

In the intervening years, the debate as to the effectiveness of the PCI DSS has raged, as data compromises have continued to increase, seemingly unabated, in frequency and magnitude.. Advocates of the PCI DSS have maintained that the best defense against breaches remains compliance with the Standard. Further, while conceding that data breaches continue to challenge the industry supports maintains that the Standard has actually prevented many data compromises. Detractors, in turn, have used the increased media coverage of data compromises to question the efficacy of the PCI DSS altogether. Their position is that, if the Standard was effective, the magnitude and frequency of such breaches would decline.

Concerned over the apparent increase in data breaches, and the recognition that cybercrime is increasingly being used to support terrorist activities, the House of Representatives Committee on Homeland Security has undertaken an investigation of the PCI DSS and its impact on the cybercrime. The Committee on Homeland Security was formed in 2002 as a non-permanent committee whose charter was to oversee the development of the Department of Homeland Security. In 2005, the Committee was made permanent. The Committee’s many areas of focus include the issue of CyberSecurity, Science and Technology. Accordingly, the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology is leading the investigation into the PCI DSS and its impact, if any, on cybercrime. Of particular interest to the Subcommittee is the use of misappropriated payment card data in the funding of criminal activities, particularly terrorism and terrorism related activities.

Data Delimma

noemail@https://paymentsecuritypros.com — Fri, 13 Feb 2009 00:00:00 GMT

/attachments/wysiwyg/10/ProPayWhitepaperNov08.pdf

12-Feb-09 5:00 PM

PCI Weekly News February 9, 2009

noemail@https://paymentsecuritypros.com — Mon, 09 Feb 2009 20:00:00 GMT

/attachments/wysiwyg/470/PCIWeeklyNewsFeb9th2009.pdf

9-Feb-09 1:00 PM

PCI Weekly News February 2, 2009

noemail@https://paymentsecuritypros.com — Fri, 06 Feb 2009 01:00:00 GMT

/attachments/wysiwyg/470/PCIWeeklyNewsFeb2nd2009.pdf

5-Feb-09 6:00 PM

PCI Weekly News January 26, 2009

noemail@https://paymentsecuritypros.com — Fri, 06 Feb 2009 00:00:00 GMT

/attachments/wysiwyg/470/PCIWeeklyNewsJan26th2009.pdf

5-Feb-09 5:00 PM

PCI Weekly News January 12, 2009

noemail@https://paymentsecuritypros.com — Tue, 13 Jan 2009 06:00:00 GMT

PCI Weekly News

12-Jan-09 11:00 PM

PCI Weekly News December 22, 2008

noemail@https://paymentsecuritypros.com — Tue, 06 Jan 2009 01:00:00 GMT

/attachments/wysiwyg/470/PCIWeeklyNewsDec22nd2008.pdf

5-Jan-09 6:00 PM

PCI Weekly News January 5, 2009

noemail@https://paymentsecuritypros.com — Tue, 06 Jan 2009 01:00:00 GMT

/attachments/wysiwyg/470/PCIWeeklyNewsJan5th2009.pdf

5-Jan-09 6:00 PM

Certification DataSheet

noemail@https://paymentsecuritypros.com — Fri, 02 Jan 2009 23:00:00 GMT

Certification DataSheet

2-Jan-09 4:00 PM

Society of Payment Security Professionals Certifies 100 CPISMs Since May

noemail@https://paymentsecuritypros.com — Thu, 02 Oct 2008 16:00:00 GMT

PARK CITY, UT--(Marketwire - October 02, 2008) - Highlighted Links Payment Security Professionals The Society of Payment Security Professionals (SPSP) is pleased to announce that they have now certified more than 100 people as Certified Payment-Card Industry Security Managers (CPISMs). The rapid adoption of the certification illustrates the need in the industry to provide a standard level of data security, compliance, and industry knowledge in the Payment-Card Industry. In November, the SPSP will introduce the companion certification, the Certified Payment-Card Industry Security Auditor (CPISA). The Society of Payment Security Professionals proctored the industry's first public CPISM training and examination in August 2008 and now over 100 people are certified worldwide. The growing demand for certification has led the SPSP to schedule another training event in November in Dallas, Texas. According to Shelley Johnson, Director of Education and New Media, The...

First QSAs Earn CPISM Credential

noemail@https://paymentsecuritypros.com — Thu, 31 Jul 2008 19:00:00 GMT

PARK CITY, UT--(Marketwire - July 31, 2008) - Coalfire Systems recently invited the Society of Payment Security Professionals to proctor the Certified Payment-Card Industry Security Manager (CPISM) certification at their Louisville, CO headquarters. The event makes Coalfire Systems the first Qualified Security Assessment Company (QSAC) to put its Qualified Security Assessors (QSA) through the CPISM examination and certification process. The knowledge and skill validation that Coalfire Systems has gained from obtaining the rigorous CPISM certifications for its delivery staff perfectly complements the real world experience that we gain from engagement experience, helping our customers through complex compliance and security requirements, according to Matt Harrigan, Managing Director for the California Region. By educating security professionals about the industry as a whole, and defining a common language for payment security, the CPISM levels the playing field between parties who...

Society of Payment Security Professionals Welcomes the Newest CPISMs: New Standard of Experience and Education for the Payment-Card Industry

noemail@https://paymentsecuritypros.com — Tue, 15 Jul 2008 15:00:00 GMT

PARK CITY, UT--(Marketwire - July 15, 2008) - The Society of Payment Security Professionals (SPSP) proctored the industry's first Certified Payment-Card Industry Security Manager (CPISM) training and examination for more than 55 individuals. In the first months since the debut of the certification, two major acquiring banks and a Qualified Security Assessor have sent almost 100 of their employees through the training and examination. According to Dr. Heather Mark, Ph.D., Executive Director of the Society of Payment Security Professionals, This marks the adoption of a new standard of experience and education for those that are involved in protecting consumer data in the Payment-Card Industry. The protection of consumer data is an initiative that ProPay takes very seriously, said Richard Sorenson, COO of ProPay and newly minted CPISM. In having our employees sit for both the training and the exam we are able to better inform our clients on issues of data protection. The rigorous...

Qualified Security Assessor

Fri, 08 May 2009 06:00:00 GMT

Title: Qualified Security Assessor Description: The successful candidate will work directly for a a partner of PSC on Payment Card Industry security audits and engagements. Projects may include: Performing independent security assessments in accordance with PCI Data Security Standard; Performing independent security assessments on payment applications in accordance with PCI Payment Application Data Security Standard Working as a team member on a large audit engagement to perform elements of PCI audits; Performing security consultation projects to assist PSC Client's implement security controls; Developing testing scripts and procedures; Assisting PSC security lab in performing vulnerability analysis; Evaluating systems and environments to identify security exposures; Other security-related projects that may be assigned according to skills; Marketing and sales of PSC services as may be required from time to time. Who is PSC? With offices in the USA,...

PCI Compliance Manager

Thu, 07 May 2009 06:00:00 GMT

Title: PCI Compliance Manager Description: SunTrust Banks, Inc., with total assets of $177.4 billion on June 30, 2008, is one of the nation’s largest and strongest financial holding companies. Atlanta-based SunTrust enjoys leading market positions in some of the highest growth markets in the United States and also serves clients in selected markets nationally. We are announcing a new position for a Payment Card Industry (PCI) Compliance Manager that will be based in Atlanta, GA. This position reports into our Enterprise Technology Risk Management (ETRM) Governance group. This group is chartered with the governance to secure SunTrust’s information, keeping it confidential, reliable, and available for our clients every single day. As a member of this group you will consult with our business partners and provide your expertise and guidance to help us plan for rand remediate risks. We will expect you to anticipate business needs, emerging trends and threats by continuously monitoring and...

Tue, 30 Jun 2009 04:17:54 GMT

EMAIL ISSUES for SPSP! We are working through email issues. If you get a 'returned' message please resend or contact the team at info@aegenis.com The Society of Payment Security Professionals' (SPSP) objective is to provide individuals and organizations involved in payment security with an online community to share information and access education and certification opportunities. Society members come from a variety of businesses including card brands, merchants, acquirers, issuers, ISOs, and more. Though their organizations may vary, they all share one purpose: to protect consumer data using the most current, viable technologies and processes. Listen to a podcast about the SPSP The SPSP is the global trainer of Visa Inc. merchants, service providers, and client banks. We provide training and education to thousands of people every year, from countries including: USA, Canada, UK, Brazil, Australia, Japan, Korea, Singapore, Argentina, and Hong Kong (China). In...

SPSP Announces 2009 Training Dates

Fri, 26 Jun 2009 18:06:47 GMT

The Society of Payment Security Professionals has announced the 2009 CPISM/CPISA US training and certification dates. All CPISM/CPISA Candidates must still be a member in good standing of the Society of Payment Security Professionals. To join, click here. You can also add the annual membership fee to your event registration. 2009 CPISM/CPISA Training & Certification Exam Dates CPISA Dates 08/18/2009 - 08/21/2009 Boot Camp (4 days) Denver, CO Register CPISM Dates 08/19/2009 - -8/21/2009 Boot Camp (3 days) Denver, CO Register ...

Society Membership

Tue, 31 Mar 2009 17:00:11 GMT

Membership in the Society of Payment Security Professionals is open to anyone with an interest in payment card security. Membership brings with it access to community conversations, discounted events and eLearning, podcasts, and members-only webinars where the industry's most current and pressing trends are discussed. Members also have access to a job board that is specific to this industry.

Member Benefits

Ability to participate in Usergroups (Working Groups)
Customizable member profile page
Member-only webinars covering current and emerging issues
Access to online directory of members
Access to monthly podcasts
Ability to engage in member's only discussion board
Discounted event and eLearning
Access to online database of white papers and industry reports

To apply for membership, visit our membership application page.

Membership Levels

Dues are due on an annual basis. There are two options, individual membership and organizational membership.

Individual Membership for 1 year. This includes all of the benefits listed above.
Organizational Membership for 1 year for up to 12 people. This includes all of the benefits listed above for each member, one free job posting per calendar year, discounted onsite training and exam opportunities, and display of your company's logo and website link.

Credit Card Processing

Public Surveys

Tue, 03 Mar 2009 20:55:08 GMT

These surveys are offered to compile relevant information related to payment card security issues. Please feel free to answer the surveys at your convenience. The surveys can be answered anonymously.

Survey #1: Cost and Value of PCI DSS

Blogs and Podcasts

Tue, 17 Feb 2009 11:40:49 GMT

Keep up with recent trends and issues in the Payment Card Industry. The PCI Answers blog provides current updates on industry trends with voices from The Aegenis Group and from SPSP Board Members. The SPSP Community Blog is an aggregation of SPSP member blogs. And listen to podcasts produced by experts at The Aegenis Group on the Aegenis Group Podcasts.

The Society of Payment Security Professionals (SPSP) values collaborative discussion and dialog among its Members. The SPSP Community Blog consists of blog posts made by Members on their own blogs that are aggregated and displayed here. Blog posts are solely the opinions of their respective authors. If you are a member and would like to share your blog, go to the Add Your Blog page.

PCI Answers Blog

The SPSP Podcasts

SPSP Community Blog

SPSP Webinars

Mon, 16 Feb 2009 18:08:05 GMT

The Society of Payment Security Professionals is pleased to offer members monthly webinars on subjects of particular interest to Payment Security Professionals™.

Upcoming Webinars

The Role of Risk Management in Data Security

Thursday, March 12, 2009

Presented by Chris Mark, CPISM/A, CISSP, CIPP

Founder, Society of Payment Security Professionals

The end goal of PCI DSS compliance is to "prevent the electronic and paper theft of payment card data." Is this goal attainable, and if so what is the best path to reach that goal?

This presentation will outline the role of proper risk management in data security. It will discuss several case studies of how risk management can be used to reduce and troubleshoot scope.

To register for the webinar, please follow this link.

Webinar Archives are Coming Soon

Payment Security Professional of the Year 2008

Fri, 13 Feb 2009 18:51:26 GMT

Branden Williams The Society of Payment Security Professionals is proud to announce Branden Williams as the Payment Security Professional of the Year, 2008. Mr. Williams is the Director of the PCI Practice for VeriSign’s Global Security Practice. When asked about his entry to payment security, Branden explained, Payment security was not my life when I was hired, but after the first VISA CISP assessment that I performed in mid-2004, I was hooked. The incredible complexity of the systems and the uniqueness of each customer’s environment gave my brain new folds. I enjoyed the challenge of solving complex security and compliance issues and helping customers bring antiquated systems into compliance through the design of creative compensating controls or re-engineering the entire payment stream. In January of 2006, I took the global PCI leadership position at VeriSign and have been leading our practice ever since. Though he began working in the payment security space in...

Organizational Members

Fri, 13 Feb 2009 00:04:34 GMT

Organizational Members are corporate, private, or public organizations that support the Society of Professional Security Professionals (SPSP). Benefits of organizational membership include: Individual membership for up to 12 members of the organization Up to 20% discount for onsite training programs Free listing in the SPSP business directory Free job postings on the SPSP job Board Many more services are currently being developed. To become an organizational member, click here. Please note that there is a two-step process to becoming an organizational member. The person signing the company up has to complete a self-user registration first and will then receive two emails 1. Self user registration confirmation 2. Email with a link to add the company and complete the process. ...

Society News Network

Sun, 18 Jan 2009 04:58:41 GMT

The Society News Network (SNN) is an RSS syndication of all the content within the Society site. Here you can subscribe to podcasts, blog content, newsletters, and SPSP Community Content. The SNN solicits content from bloggers and news sources who write actively about Payment Card Security. If you are interested in submitting your site for review, please contact us. ALL SYNDICATED CONTENT Press Releases PCI Answers Blog Podcasts SPSP Community Content Articles Calendar Events Job Listings Resume Listings Directory Listings Surveys

CPISA

Wed, 14 Jan 2009 19:50:54 GMT

Certified Payment-Card Industry Security Auditor (CPISA) In conjunction with the CPISM is the Certified Payment-card Industry Security Auditor (CPISA) certification. The CPISA focuses on information technology, information security, and auditing knowledge and skills. Along with the requirements for the CPISM designation, candidates will complete an additional examination that will test proficiency with the various aspects of approximately twenty skills. Examinees will need to understand information security concepts such as access control models, cryptographic models and their uses, security management practices, security architecture, application and system security, and physical security. Examinees will need to understand auditing concepts that are applicable to relevant laws and standards within the payment card industry. These include identification of types of sensitive data (NPI, PII, PI, Cardholder Data)...

Cost and Value of PCI DSS

noemail@https://paymentsecuritypros.com — Tue, 03 Mar 2009 19:00:00 GMT

Objectives: The objective of this survey is to collect, and analyze and provide findings to Society members related to the costs associated with the PCI DSS assessment and remediation efforts, as well as opinions as to the value of the PCI DSS.

Release Date: 3-Mar-09 12:00 PM
Expiration Date: 4-Apr-09 12:00 PM
Please answer the survey questions as accurately as possible. To take this survey anonymously, please select the 'anonymous' option.

PCI-logo

Sat, 04 Jul 2009 00:38:16 GMT

File uploaded by Ben Oguntala.

QSAe2e

Sat, 04 Jul 2009 00:38:16 GMT