Attended CPISI two days training from 16th to 17th June in Furama Hotel organized by SISA, took the exam on 26th June Sunday at home and passed with a score 84%, received the soft copy CPISI certificate on 07th July.
What is CPISI
CPISI is short for “Certified Payment Card Industry Security Implementer”, it is based on PCI-DSS V3.2, PCI-DSS is short for “Payment Card Industry Data Security Standard”. CPISI is based on PCI-DSS specification, similar to PCIP (Payment Card Industry Professional) certification, since it’s almost the same area and both are entry level, but PCIP will be much expensive, so CPISI cert shall be a better choice, but if you are company sponsored, if you may ignore it. Refer to PCI-DSS and WIKI for more detail.
Reason to take the training
A few consideration to take the CPISI training and certification,
1, Payment Card Industry Security is quite important, payment ecosystem is changing and evolving, people are more concerned about the payment security. Although there is word of “Payment Card”, but it is not much related smart card, it is more on the whole system or environment security, wherever the transaction data flows, it will be scoped in.
2, Study PCI-DSS specification and got some sort of certificate might be useful in future for myself.
3, payment ecosystem includes vast area, smart card is only small part, understand more detail in the back end is interesting.
4, 14 hours of CPE Credits for CISSP, yeah, it’s in security domain.
CPISI is in high level as it is covering wide rage of domain, it is more like how your organization will follow certain rules to be able to keep your transaction data secure and obtain the security qualification, the requirement includes, security network and system, protect cardholder data, Vulnerability management program, access control measures, monitor and test network, Information security policy. It is also talking about mobile payment, Tokenization, Virtualization, Clouds, eCommerce, ATM, Penetration Testing etc. It is really trying to cover everything related to payment, the result is you cannot get to the very detail of each security domain.
Training and Exam
The course is good, students were coming from different countries, trainer was nice and trying his best to convey the knowledge. The India students are really active during the discussion, the group photo is as below,
I read most of the material downloaded from PCI DSS website after the training, this is time consuming but gave you an overall structure and understanding of this PCI-DSS thing. The exam link was sent on 22nd June, it is required to attend the online exam within three days, it is open book exam, 50 multi choice questions, each question counts 2 points, time limit is 75 minutes. 60% is the pass mark. I got the result (84%) right after the exam as below screen shot,
The PDF version certificate was received two weeks later by email, as below picture shows,
The hardcopy CPISI certificate was received at the end of July 2016.
My certificate information can be searched on the SISA website, as this Link.