PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but more importantly why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organization; how to deal with PCI assessors; and how to plan and manage PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.
This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant.
- Completely updated to follow the PCI DSS standard 1.2.1
- Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
- Both authors have broad information security backgrounds, including extensive PCI DSS experience
IT Professionals responsible for implementing cardholder environments. This would include Network, Server, application developers, database managers, as well as numerous security personnel.
Foreword Acknowledgments Author the Authors Chapter 1 About PCI and This Book Who Should Read This Book? How to Use the Book in Your Daily Job What this Book is NOT Organization of the Book Summary Chapter 2 Introduction to Fraud, ID Theft, and Regulatory Mandates Summary Chapter 3 Why Is PCI Here? What Is PCI and Who Must Comply? Electronic Card Payment Ecosystem Goal of PCI DSS Applicability of PCI DSS PCI DSS in Depth Compliance Deadlines Compliance and Validation History of PCI DSS PCI Council QSAs ASVs Quick Overview of PCI Requirements Changes to PCI DSS PCI DSS and Risk Benefits of Compliance Case Study The Case of the Developing Security Program The Case of the Confusing Validation Requirements Summary References Chapter 4 Building and Maintaining a Secure Network Which PCI DSS Requirements Are in This Domain? Establish Firewall Configuration Standards Denying Traffic from Untrusted Networks and Hosts Restricting Connections Personal Firewalls Other Considerations for Requirement 1 The Oddball Requirement 11.4 Requirement 2: Defaults and Other Security Parameters Develop Configuration Standards Implement Single Purpose Servers Configure System Security Parameters Encrypt Nonconsole Administrative Access Hosting Providers Must Protect Shared Hosted Environment What Else Can You Do to Be Secure? Tools and Best Practices Common Mistakes and Pitfalls Egress Filtering Documentation System Defaults Case Study The Case of the Small, Flat Store Network The Case of the Large, Flat Corporate Network Summary Chapter 5 Strong Access Controls Which PCI DSS Requirements Are in
- No. of pages:
- © Syngress 2010
- 1st December 2009
- eBook ISBN:
- Paperback ISBN:
Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionaly, Anton teaches classes and presents at many security conferences across the world and he works on emerging security standards and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.
is a recognized security expert in the field of log management and PCI DSS compliance.
Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994, and focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelors of Business Administration in Marketing from the University of Texas, Arlington, and a Masters of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas. Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.
CISSP, CISM, CPISA, CPISM, and CTO of a Global Security Consulting group at a major security firm in Flower Mound, TX
"Finally we have a solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why."--Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board
"Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable."--Security Management
"Intended for IT managers, this guide introduces the payment card industry data security standard (PCI DSS), describes the components of a secure network, and suggests steps for planning a project to meet compliance. The 12 PCI DSS requirements are addressed individually with action items for access control, cardholder data protection, wireless network security, vulnerability management, and event logging. The second edition covers PCI DSS version 1.2.1."--SciTech Book News