PCI Compliance
Understand and Implement Effective PCI Data Security Standard Compliance
- 3rd Edition - August 13, 2012
- Authors: Branden R. Williams, Anton Chuvakin
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 4 8 - 4
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 5 3 - 8
The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PC… Read more
Purchase options
The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn’t include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.
- Provides a clear explanation of PCI
- Provides practical case studies, fraud studies, and analysis of PCI
- The first book to address version 2.0 updates to the PCI DSS, security strategy to keep your infrastructure PCI compliant
IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security,etc.)
Acknowledgements
About the Authors
Foreword
Chapter 1. About PCI and This Book
Who Should Read This Book?
How to Use The Book in Your Daily Job
What This Book is Not
Organization of the Book
Summary
Chapter 2. Introduction to Fraud, Data Theft, and Related Regulatory Mandates
Summary
Chapter 3. Why Is PCI Here?
What is PCI and Who Must Comply?
PCI DSS in Depth
Quick Overview of PCI Requirements
PCI DSS and Risk
Benefits of Compliance
Case Study
Summary
REFERENCES
Chapter 4. Determining and Reducing the PCI Scope
The Basics of PCI DSS Scoping
The “Gotchas” of PCI Scope
Scope Reduction Tips
Planning Your PCI Project
Case Study
Summary
Chapter 5. Building and Maintaining a Secure Network
Which PCI DSS Requirements Are in This Domain?
What Else Can You Do to Be Secure?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 6. Strong Access Controls
Which PCI DSS Requirements are in this Domain?
What Else Can You Do to Be Secure?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 7. Protecting Cardholder Data
What is Data Protection and Why is it Needed?
Requirements Addressed in This Chapter
PCI Requirement 3: Protect Stored Cardholder Data
Requirement 3 Walk-Through
What Else Can You Do to Be Secure?
PCI Requirement 4 Walk-Through
Requirement 12 Walk-Through
Appendix A of PCI DSS
How to Become Compliant and Secure
Common Mistakes and Pitfalls
Case Study
Summary
REFERENCES
Chapter 8. Using Wireless Networking
What is Wireless Network Security?
Where is Wireless Network Security in PCI DSS?
Why Do We Need Wireless Network Security?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 9. Vulnerability Management
PCI DSS Requirements Covered
Vulnerability Management in PCI
Requirement 5 Walk-Through
Requirement 6 Walk-Through
Requirement 11 Walk-Through
Internal Vulnerability Scanning
Common PCI Vulnerability Management Mistakes
Case Study
Summary
REFERENCES
Chapter 10. Logging Events and Monitoring the Cardholder Data Environment
PCI Requirements Covered
Why Logging and Monitoring in PCI DSS?
Logging and Monitoring in Depth
PCI Relevance of Logs
Logging in PCI Requirement 10
Monitoring Data and Log for Security Issues
Logging and Monitoring in PCI—All Other Requirements
PCI DSS Logging Policies and Procedures
Tools For Logging in PCI
Other Monitoring Tools
Intrusion Detection and Prevention
Integrity Monitoring
Common Mistakes and Pitfalls
Case Study
Summary
Reference
Chapter 11. PCI for the Small Business
The Risks of Credit Card Acceptance
New Business Considerations
Your POS is Like My POS!
A Basic Scheme for SMB Hardening
Case Study
Summary
Chapter 12. Managing a PCI DSS Project to Achieve Compliance
Justifying a Business Case for Compliance
Bringing the Key Players to the Table
Budgeting Time and Resources
Educating Staff
Project Quickstart Guide
The PCI DSS Prioritized Approach
The Visa TIP
Summary
REFERENCE
Chapter 13. Don’t Fear the Assessor
Remember, Assessors Are There to Help
Dealing With Assessors’ Mistakes
Planning for Remediation
Planning for Reassessing
Summary
Chapter 14. The Art of Compensating Control
What is a Compensating Control?
Where are Compensating Controls in PCI DSS?
What a Compensating Control is Not
Funny Controls You Didn’t Design
How to Create a Good Compensating Control
Case Studies
Summary
Chapter 15. You’re Compliant, Now What?
Security is a Process, Not an Event
Plan for Periodic Review and Training
PCI Requirements With Periodic Maintenance
PCI Self-Assessment
Case Study
Summary
Chapter 16. Emerging Technology and Alternative Payment Schemes
New Payment Schemes
Predictions
Taxonomy and Tidbits
Case Study
Summary
Chapter 17. Myths and Misconceptions of PCI DSS
Myth #1 PCI Doesn’t Apply to Me
Myth #2 PCI is Confusing and Ambiguous
Myth #3 PCI DSS is Too Onerous
Myth #4 Breaches Prove PCI DSS Irrelevant
Myth #5 PCI is All We Need For Security
Myth #6 PCI DSS is Really Easy
Myth #7 My Tool is PCI Compliant Thus I Am Compliant
Myth #8 PCI is Toothless
Case Study
Summary
REFERENCES
Index
- Edition: 3
- Published: August 13, 2012
- Language: English
BW
Branden R. Williams
Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994, and focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelors of Business Administration in Marketing from the University of Texas, Arlington, and a Masters of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas.
Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.
Affiliations and expertise
CISSP, CISM, CPISA, CPISM, and CTO of a Global Security Consulting group at a major security firm in Flower Mound, TXAC
Anton Chuvakin
Dr. Anton Chuvakin is a recognized security expert in the field of log
management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI
Compliance" and has contributed to many others, while also publishing dozens of papers on
log management, correlation, data analysis, PCI DSS, and security management. His blog
(http://www.securitywarrior.org) is one of the most popular in the industry.
Additionaly, Anton teaches classes and presents at many security conferences across the world
and he works on emerging security standards and serves on the advisory boards of
several security start-ups. Currently, Anton is developing his security consulting practice,
focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations.
Anton earned his Ph.D. from Stony Brook University.
Affiliations and expertise
is a recognized security expert in the field of log management and PCI DSS compliance.Read PCI Compliance on ScienceDirect