in Work&Life

CPISI training and certification

Summary

Attended CPISI two days training from 16th to 17th June in Furama Hotel organized by SISA, took the exam on 26th June Sunday at home and passed with a score 84%, received the soft copy CPISI certificate on 07th July.

What is CPISI

CPISI is short for “Certified Payment Card Industry Security Implementer”, it is based on PCI-DSS V3.2, PCI-DSS is short for “Payment Card Industry Data Security Standard”. CPISI is based on PCI-DSS specification, similar to PCIP (Payment Card Industry Professional) certification, since it’s almost the same area and both are entry level, but PCIP will be much expensive, so CPISI cert shall be a better choice, but if you are company sponsored, if you may ignore it. Refer to PCI-DSS and WIKI for more detail.

Reason to take the training

A few consideration to take the CPISI training and certification,

1, Payment Card Industry Security is quite important, payment ecosystem is changing and evolving, people are more concerned about the payment security. Although there is word of “Payment Card”, but it is not much related smart card, it is more on the whole system or environment security, wherever the transaction data flows, it will be scoped in.
2, Study PCI-DSS specification and got some sort of certificate might be useful in future for myself.
3, payment ecosystem includes vast area, smart card is only small part, understand more detail in the back end is interesting.
4, 14 hours of CPE Credits for CISSP, yeah, it’s in security domain.

SCOPE

CPISI is in high level as it is covering wide rage of domain, it is more like how your organization will follow certain rules to be able to keep your transaction data secure and obtain the security qualification, the requirement includes, security network and system, protect cardholder data, Vulnerability management program, access control measures, monitor and test network, Information security policy. It is also talking about mobile payment, Tokenization, Virtualization, Clouds, eCommerce, ATM, Penetration Testing etc. It is really trying to cover everything related to payment, the result is you cannot get to the very detail of each security domain.

Training and Exam

The course is good, students were coming from different countries, trainer was nice and trying his best to convey the knowledge. The India students are really active during the discussion, the group photo is as below,
Training Group Photo

I read most of the material downloaded from PCI DSS website after the training, this is time consuming but gave you an overall structure and understanding of this PCI-DSS thing. The exam link was sent on 22nd June, it is required to attend the online exam within three days, it is open book exam, 50 multi choice questions, each question counts 2 points, time limit is 75 minutes. 60% is the pass mark. I got the result (84%) right after the exam as below screen shot,
Exam Result

Certificate

The PDF version certificate was received two weeks later by email, as below picture shows,
HuiLin Xiong CPISI Certificate

The hardcopy CPISI certificate was received at the end of July 2016.
HuiLin Xiong CPISI Certificate

CPISI Logo:
CPISI Logo

My certificate information can be searched on the SISA website, as this Link.
Listed on SISA website

Write a Comment

Comment

18 − fourteen =

    • Hi Pankaj, I am sorry, I cannot remember the detail of the questions, as it is open book exam, I don’t see there will be difficulties, however I would suggest to understand all the basic concept, and can quick reference to detail once in the exam. I sent you the additional material I read through in addition to the SISA slides, I downloaded them from PCI-DSS website, I read them all.

  1. Hi Huilin,

    Congrats for achieving the cert!
    May I know how much did it cost to you, including the training and the exam?

    Big Thanks!
    Rex

  2. Hello can you forward to me also the information so I may begin studying for the exam? Any and all reading material/slides would be greatly appreciated.

    Thank you