PCI Compliance

Understand and Implement Effective PCI Data Security Standard Compliance

3rd Edition - August 13, 2012
There is a Newer Edition Available
  • Authors: Branden Williams, Anton Chuvakin
  • eBook ISBN: 9781597499538

Description

The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn’t include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.

Key Features

  • Provides a clear explanation of PCI
  • Provides practical case studies, fraud studies, and analysis of PCI
  • The first book to address the version 2.0 updates to the PCI DSS and the security strategy needed to keep your infrastructure PCI compliant

Readership

IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.)

Table of Contents

  • Acknowledgements

    About the Authors

    Foreword

    Chapter 1. About PCI and This Book

    Who Should Read This Book?

    How to Use The Book in Your Daily Job

    What This Book is Not

    Organization of the Book

    Summary

    Chapter 2. Introduction to Fraud, Data Theft, and Related Regulatory Mandates

    Summary

    Chapter 3. Why Is PCI Here?

    What is PCI and Who Must Comply?

    PCI DSS in Depth

    Quick Overview of PCI Requirements

    PCI DSS and Risk

    Benefits of Compliance

    Case Study

    Summary

    REFERENCES

    Chapter 4. Determining and Reducing the PCI Scope

    The Basics of PCI DSS Scoping

    The “Gotchas” of PCI Scope

    Scope Reduction Tips

    Planning Your PCI Project

    Case Study

    Summary

    Chapter 5. Building and Maintaining a Secure Network

    Which PCI DSS Requirements Are in This Domain?

    What Else Can You Do to Be Secure?

    Tools and Best Practices

    Common Mistakes and Pitfalls

    Case Study

    Summary

    Chapter 6. Strong Access Controls

    Which PCI DSS Requirements are in this Domain?

    What Else Can You Do to Be Secure?

    Tools and Best Practices

    Common Mistakes and Pitfalls

    Case Study

    Summary

    Chapter 7. Protecting Cardholder Data

    What is Data Protection and Why is it Needed?

    Requirements Addressed in This Chapter

    PCI Requirement 3: Protect Stored Cardholder Data

    Requirement 3 Walk-Through

    What Else Can You Do to Be Secure?

    PCI Requirement 4 Walk-Through

    Requirement 12 Walk-Through

    Appendix A of PCI DSS

    How to Become Compliant and Secure

    Common Mistakes and Pitfalls

    Case Study

    Summary

    REFERENCES

    Chapter 8. Using Wireless Networking

    What is Wireless Network Security?

    Where is Wireless Network Security in PCI DSS?

    Why Do We Need Wireless Network Security?

    Tools and Best Practices

    Common Mistakes and Pitfalls

    Case Study

    Summary

    Chapter 9. Vulnerability Management

    PCI DSS Requirements Covered

    Vulnerability Management in PCI

    Requirement 5 Walk-Through

    Requirement 6 Walk-Through

    Requirement 11 Walk-Through

    Internal Vulnerability Scanning

    Common PCI Vulnerability Management Mistakes

    Case Study

    Summary

    REFERENCES

    Chapter 10. Logging Events and Monitoring the Cardholder Data Environment

    PCI Requirements Covered

    Why Logging and Monitoring in PCI DSS?

    Logging and Monitoring in Depth

    PCI Relevance of Logs

    Logging in PCI Requirement 10

    Monitoring Data and Log for Security Issues

    Logging and Monitoring in PCI—All Other Requirements

    PCI DSS Logging Policies and Procedures

    Tools For Logging in PCI

    Other Monitoring Tools

    Intrusion Detection and Prevention

    Integrity Monitoring

    Common Mistakes and Pitfalls

    Case Study

    Summary

    Reference

    Chapter 11. PCI for the Small Business

    The Risks of Credit Card Acceptance

    New Business Considerations

    Your POS is Like My POS!

    A Basic Scheme for SMB Hardening

    Case Study

    Summary

    Chapter 12. Managing a PCI DSS Project to Achieve Compliance

    Justifying a Business Case for Compliance

    Bringing the Key Players to the Table

    Budgeting Time and Resources

    Educating Staff

    Project Quickstart Guide

    The PCI DSS Prioritized Approach

    The Visa TIP

    Summary

    REFERENCE

    Chapter 13. Don’t Fear the Assessor

    Remember, Assessors Are There to Help

    Dealing With Assessors’ Mistakes

    Planning for Remediation

    Planning for Reassessing

    Summary

    Chapter 14. The Art of Compensating Control

    What is a Compensating Control?

    Where are Compensating Controls in PCI DSS?

    What a Compensating Control is Not

    Funny Controls You Didn’t Design

    How to Create a Good Compensating Control

    Case Studies

    Summary

    Chapter 15. You’re Compliant, Now What?

    Security is a Process, Not an Event

    Plan for Periodic Review and Training

    PCI Requirements With Periodic Maintenance

    PCI Self-Assessment

    Case Study

    Summary

    Chapter 16. Emerging Technology and Alternative Payment Schemes

    New Payment Schemes

    Predictions

    Taxonomy and Tidbits

    Case Study

    Summary

    Chapter 17. Myths and Misconceptions of PCI DSS

    Myth #1 PCI Doesn’t Apply to Me

    Myth #2 PCI is Confusing and Ambiguous

    Myth #3 PCI DSS is Too Onerous

    Myth #4 Breaches Prove PCI DSS Irrelevant

    Myth #5 PCI is All We Need For Security

    Myth #6 PCI DSS is Really Easy

    Myth #7 My Tool is PCI Compliant Thus I Am Compliant

    Myth #8 PCI is Toothless

    Case Study

    Summary

    REFERENCES

    Index

Product details

  • No. of pages: 360
  • Language: English
  • Copyright: © Syngress 2012
  • Published: August 13, 2012
  • Imprint: Syngress
  • eBook ISBN: 9781597499538

About the Authors

    Branden Williams

    Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX, and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994 and has focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelor of Business Administration in Marketing from the University of Texas, Arlington, and a Master of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas.

    Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.

    Affiliations and Expertise

    CISSP, CISM, CPISA, CPISM, and CTO of a Global Security Consulting group at a major security firm in Flower Mound, TX

    Anton Chuvakin

    Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionally, Anton teaches classes and presents at many security conferences across the world, works on emerging security standards, and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.

    Affiliations and Expertise

    Recognized security expert in the field of log management and PCI DSS compliance.