PCI Compliance - 3rd Edition - ISBN: 9781597499484, 9781597499538

PCI Compliance

3rd Edition

Understand and Implement Effective PCI Data Security Standard Compliance

Authors: Branden Williams Anton Chuvakin
eBook ISBN: 9781597499538
Paperback ISBN: 9781597499484
Imprint: Syngress
Published Date: 13th August 2012
Page Count: 360
Tax/VAT will be calculated at check-out
59.95
36.99
45.95
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn’t include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.

Key Features

  • Provides a clear explanation of PCI
  • Provides practical case studies, fraud studies, and analysis of PCI
  • The first book to address version 2.0 updates to the PCI DSS, security strategy to keep your infrastructure PCI compliant

Readership

IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security,etc.)

Table of Contents

Acknowledgements

About the Authors

Foreword

Chapter 1. About PCI and This Book

Who Should Read This Book?

How to Use The Book in Your Daily Job

What This Book is Not

Organization of the Book

Summary

Chapter 2. Introduction to Fraud, Data Theft, and Related Regulatory Mandates

Summary

Chapter 3. Why Is PCI Here?

What is PCI and Who Must Comply?

PCI DSS in Depth

Quick Overview of PCI Requirements

PCI DSS and Risk

Benefits of Compliance

Case Study

Summary

REFERENCES

Chapter 4. Determining and Reducing the PCI Scope

The Basics of PCI DSS Scoping

The “Gotchas” of PCI Scope

Scope Reduction Tips

Planning Your PCI Project

Case Study

Summary

Chapter 5. Building and Maintaining a Secure Network

Which PCI DSS Requirements Are in This Domain?

What Else Can You Do to Be Secure?

Tools and Best Practices

Common Mistakes and Pitfalls

Case Study

Summary

Chapter 6. Strong Access Controls

Which PCI DSS Requirements are in this Domain?

What Else Can You Do to Be Secure?

Tools and Best Practices

Common Mistakes and Pitfalls

Case Study

Summary

Chapter 7. Protecting Cardholder Data

What is Data Protection and Why is it Needed?

Requirements Addressed in This Chapter

PCI Requirement 3: Protect Stored Cardholder Data

Requirement 3 Walk-Through

What Else Can You Do to Be Secure?

PCI Requirement 4 Walk-Through

Requirement 12 Walk-Through

Appendix A of PCI DSS

How to Become Compliant and Secure

Common Mistakes and Pitfalls

Case Study

Summary

REFERENCES

Chapter 8. Using Wireless Networking

What is Wireless Network Security?

Where is Wireless Network Security in PCI DSS?

Why Do We Need Wireless Network Security?

Tools and Best Practices

Common Mistakes and Pitfalls

Case Study

Summary

Chapter 9. Vulnerability Management

PCI DSS Requirements Covered

Vulnerability Management in PCI

Requirement 5 Walk-Through

Requirement 6 Walk-Through

Requirement 11 Walk-Through

Internal Vulnerability Scanning

Common PCI Vulnerability Management Mistakes

Case Study

Summary

REFERENCES

Chapter 10. Logging Events and Monitoring the Cardholder Data Environment

PCI Requirements Covered

Why Logging and Monitoring in PCI DSS?

Logging and Monitoring in Depth

PCI Relevance of Logs

Logging in PCI Requirement 10

Monitoring Data and Log for Security Issues

Logging and Monitoring in PCI—All Other Requirements

PCI DSS Logging Policies and Procedures

Tools For Logging in PCI

Other Monitoring Tools

Intrusion Detection and Prevention

Integrity Monitoring

Common Mistakes and Pitfalls

Case Study

Summary

Reference

Chapter 11. PCI for the Small Business

The Risks of Credit Card Acceptance

New Business Considerations

Your POS is Like My POS!

A Basic Scheme for SMB Hardening

Case Study

Summary

Chapter 12. Managing a PCI DSS Project to Achieve Compliance

Justifying a Business Case for Compliance

Bringing the Key Players to the Table

Budgeting Time and Resources

Educating Staff

Project Quickstart Guide

The PCI DSS Prioritized Approach

The Visa TIP

Summary

REFERENCE

Chapter 13. Don’t Fear the Assessor

Remember, Assessors Are There to Help

Dealing With Assessors’ Mistakes

Planning for Remediation

Planning for Reassessing

Summary

Chapter 14. The Art of Compensating Control

What is a Compensating Control?

Where are Compensating Controls in PCI DSS?

What a Compensating Control is Not

Funny Controls You Didn’t Design

How to Create a Good Compensating Control

Case Studies

Summary

Chapter 15. You’re Compliant, Now What?

Security is a Process, Not an Event

Plan for Periodic Review and Training

PCI Requirements With Periodic Maintenance

PCI Self-Assessment

Case Study

Summary

Chapter 16. Emerging Technology and Alternative Payment Schemes

New Payment Schemes

Predictions

Taxonomy and Tidbits

Case Study

Summary

Chapter 17. Myths and Misconceptions of PCI DSS

Myth #1 PCI Doesn’t Apply to Me

Myth #2 PCI is Confusing and Ambiguous

Myth #3 PCI DSS is Too Onerous

Myth #4 Breaches Prove PCI DSS Irrelevant

Myth #5 PCI is All We Need For Security

Myth #6 PCI DSS is Really Easy

Myth #7 My Tool is PCI Compliant Thus I Am Compliant

Myth #8 PCI is Toothless

Case Study

Summary

REFERENCES

Index

Details

No. of pages:
360
Language:
English
Copyright:
© Syngress 2012
Published:
Imprint:
Syngress
eBook ISBN:
9781597499538
Paperback ISBN:
9781597499484

About the Author

Branden Williams

Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994, and focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelors of Business Administration in Marketing from the University of Texas, Arlington, and a Masters of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas.

Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.

Affiliations and Expertise

CISSP, CISM, CPISA, CPISM, and CTO of a Global Security Consulting group at a major security firm in Flower Mound, TX

Anton Chuvakin

Dr. Anton Chuvakin is a recognized security expert in the field of log

management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI

Compliance" and has contributed to many others, while also publishing dozens of papers on

log management, correlation, data analysis, PCI DSS, and security management. His blog

(http://www.securitywarrior.org) is one of the most popular in the industry.

Additionaly, Anton teaches classes and presents at many security conferences across the world

and he works on emerging security standards and serves on the advisory boards of

several security start-ups. Currently, Anton is developing his security consulting practice,

focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations.

Anton earned his Ph.D. from Stony Brook University.

Affiliations and Expertise

is a recognized security expert in the field of log management and PCI DSS compliance.

Reviews

"Williams and Chuvakin provide background on Version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS), the minimum standard with which vendors must comply to ensure data security. They also provide instruction on how to implement security that is in compliance with industry guidelines and successfully ensures the safety of sensitive and personally identifiable information." --Reference and Research Book News, August 2013