This self-paced online course equips personnel involved in the Incident Response Plan (IRP) with the knowledge and skills to respond effectively to security incidents under PCI DSS v4.0. Participants will learn to implement key IRP components, monitor and detect threats, manage evidence, conduct investigations, and apply post-incident actions. Practical guidance and scenario-based exercises ensure employees can fulfil their IRP responsibilities in compliance with PCI DSS requirements.
COURSE OUTLINES
Agenda
- Introduction to Incident Response & PCI DSS
  - What is an Incident Response Plan (IRP)?
  - Why IRP is critical under PCI DSS v4.0
  - Overview of Requirement 12 and its sub-requirements
- Key Components of an IRP
  - Roles and responsibilities
  - Communication and contact strategies (including acquirers/payment brands)
  - Containment and mitigation procedures
  - Business continuity and recovery
  - Legal and regulatory reporting obligations
  - Reference to payment brand-specific procedures
- Monitoring & Detection Systems
  - Tools required for real-time monitoring:
    - IDS/IPS
    - File integrity monitoring
    - Anti-malware, EDR, UBA
    - Email security (DMARC, SPF, DKIM)
    - Wireless IDS/IPS
    - Tamper detection for payment pages
  - Responding to alerts and suspected incidents
- Response Procedures for PAN Discovery
  - What to do when Primary Account Numbers (PANs) are found outside the CDE
  - Secure deletion and migration
  - Identifying root causes and fixing process gaps
  - Preventing future data leaks
- Preparing for a Forensic Investigation
  - Importance of having a pre-approved forensic investigator (PFI) list
  - Establishing relationships with forensic experts ahead of time
  - Ensuring logging and monitoring systems are properly configured and retained
  - Maintaining an up-to-date data flow diagram and asset inventory
- Evidence Handling & Chain of Custody
  - Principles of digital evidence handling:
    - Do not alter original data
    - Use write-blockers when imaging drives
    - Document every step taken
  - Chain of custody documentation:
    - Who accessed the evidence
    - When and why it was accessed
    - How it was stored and transferred
  - Secure storage of evidence (physical and digital)
- Conducting the Investigation
  - Initial triage and scoping
  - Imaging and analysis of affected systems
  - Identifying indicators of compromise (IOCs)
  - Timeline reconstruction and root cause analysis
  - Reporting findings to relevant stakeholders (including acquirers/payment brands)
- Post-Investigation Actions
  - Remediation planning and execution
  - Updating security controls and policies
  - Lessons learned and process improvement
  - Communicating outcomes to internal and external parties
  - Regulatory and legal follow-up (if applicable)
- Training & Testing Requirements
  - Role-specific training expectations
  - Frequency based on risk analysis
  - Tabletop exercises: how to conduct and document
  - Post-mortem reviews and continuous improvement
- Availability & Escalation Protocols
  - 24/7 availability of incident response personnel
  - Escalation paths and decision-making authority
  - Coordination across departments (IT, Legal, HR, PR)
- Knowledge Check & Acknowledgment
  - Short quiz or scenario-based exercise
  - Employee acknowledgment of IRP understanding
COURSE DETAILS
- Course Duration: approximately 45–60 minutes
- Delivery: Delivered online via our LMS platform
- Access Period: Upon registration, participants have two weeks to complete the course
- Target Audience: Personnel involved in the incident response plan (IRP)
PREREQUISITES
- Personnel must be actively assigned roles within the organisation’s Incident Response Plan (IRP)
- Basic understanding of IT systems, networks, and security concepts