PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but more importantly why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organization; how to deal with PCI assessors; and how to plan and manage a PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.
This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant.
Completely updated to follow the PCI DSS standard 1.2.1
Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
Both authors have broad information security backgrounds, including extensive PCI DSS experience
List of contents
Foreword
Acknowledgments
Chapter 1: About PCI and This Book
Chapter 2: Introduction to Fraud, ID Theft, and Regulatory Mandates
Chapter 3: Why Is PCI Here?
Chapter 4: Building and Maintaining a Secure Network
Chapter 5: Strong Access Controls
Chapter 6: Protecting Cardholder Data
Chapter 7: Using Wireless Networking
Chapter 8: Vulnerability Management
Chapter 9: Logging Events and Monitoring the Cardholder Data Environment
Chapter 10: Managing a PCI DSS Project to Achieve Compliance
Chapter 11: Don't Fear the Assessor
Chapter 12: The Art of Compensating Control
Chapter 13: You're Compliant, Now What?
Chapter 14: PCI and Other Laws, Mandates, and Frameworks
Chapter 15: Myths and Misconceptions of PCI DSS
About the author
Dr. Anton Chuvakin, Ph.D., GCIH, GCFA is a recognized security expert and book author. His current role is PCI Solutions Director at Qualys. His past roles included Chief Logging Evangelist with LogLogic, a log management company, and a Chief Security Strategist with another security company. He participates in various security industry initiatives and standards organizations.
Report
"Finally we have a solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why."-- Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board
"Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable."-- Security Management
"Intended for IT managers, this guide introduces the payment card industry data security standard (PCI DSS), describes the components of a secure network, and suggests steps for planning a project to meet compliance. The 12 PCI DSS requirements are addressed individually with action items for access control, cardholder data protection, wireless network security, vulnerability management, and event logging. The second edition covers PCI DSS version 1.2.1."-- SciTech Book News