Information Security Awareness Training

Agenda

1. Introduction to PCI DSS

   • What is PCI DSS and why it matters
   • Overview of PCI DSS v4.0 updates
   • Importance of protecting cardholder data

2. Understanding the Cardholder Data Environment (CDE)

   • What constitutes the CDE
   • Examples of systems and processes involved
   • Employee roles in securing the CDE

3. Organisational Security Policies & Procedures

   • Overview of your company’s security policies
   • Acceptable use of end-user technologies (part of Requirement 12)
   • Responsibilities and expectations for all staff

4. Threats & Vulnerabilities (15 mins)

   • Common threats to the CDE:
     • Phishing
     • Social engineering
     • Malware and ransomware
   • Real-world examples and case studies
   • How these threats impact your organization

5. Secure Behaviour & Best Practices

   • Password hygiene
   • Device security (BYOD policies)
   • Safe browsing and email practices
   • Reporting suspicious activity

6. Compliance & Accountability

   • Annual training and acknowledgment requirements
   • Tracking and enforcement of training completion
   • Role of audits and assessments

7. Knowledge Check & Acknowledgment

   • Quick quiz or interactive scenario
   • Employee acknowledgment of understanding policies

Course Details

• Course Duration: approximately 45–60 minutes
• Delivery: Course is delivered via our LMS platform
• Access Period: Upon registration, participants have two weeks to complete the course
• Target Audience: All employees handling cardholder or sensitive data, or accessing IT systems