Intended for IT managers, this guide introduces the payment card industry data security standard (PCI DSS), describes the components of a secure network, and suggests steps for planning a project to meet compliance. The 12 PCI DSS requirements are addressed individually with action items for access control, cardholder data protection, wireless network security, vulnerability management, and event logging. The second edition covers PCI DSS version 1.2.1. Annotation ©2011 Book News, Inc., Portland, OR (booknews.com)
Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the current PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.
- Completely updated to follow the PCI DSS standard 1.2.1
- Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
- Both authors have broad information security backgrounds, including extensive PCI DSS experience
Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the current PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.
- Completely updated to follow the PCI DSS standard 1.2.1
- Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
- Both authors have broad information security backgrounds, including extensive PCI DSS experience
Recenzijas
"Finally we have a solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why." --Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board
"Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable." --Security Management
"Intended for IT managers, this guide introduces the payment card industry data security standard (PCI DSS), describes the components of a secure network, and suggests steps for planning a project to meet compliance. The 12 PCI DSS requirements are addressed individually with action items for access control, cardholder data protection, wireless network security, vulnerability management, and event logging. The second edition covers PCI DSS version 1.2.1." --SciTech Book News
Foreword
Acknowledgments
1. About PCI and This Book
2. Introduction to Fraud, ID Theft, and Regulatory Mandates
3. Why Is PCI Here?
4. Building and Maintaining a Secure Network
5. Strong Access Controls
6. Protecting Cardholder Data
7. Using Wireless Networking
8. Vulnerability Management
9. Logging Events and Monitoring the Cardholder Data Environment
10. Managing a PCI DSS Project to Acheive Compliance
11. Don't Fear the Assessor
12. The Art of Compensating Control
13. You're Compliant, Now What?
14. PCI and Other Laws, Mandates, and Frameworks
15. Myths and Misconceptions of PCI DSS
Dr. Anton Chuvakin is a recognized security expert in the field of logmanagement and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCICompliance" and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog(http://www.securitywarrior.org) is one of the most popular in the industry.Additionaly, Anton teaches classes and presents at many security conferences across the worldand he works on emerging security standards and serves on the advisory boards ofseveral security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations.Anton earned his Ph.D. from Stony Brook University. Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994, and focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelors of Business Administration in Marketing from the University of Texas, Arlington, and a Masters of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas.Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.
