You are previewing PCI Compliance, 3rd Edition.
O'Reilly logo
PCI Compliance, 3rd Edition

Book Description

The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn’t include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.

*Provides a clear explanation of PCI.

*Provides practical case studies, fraud studies, and analysis of PCI.

*The first book to address version 2.0 updates to the PCI DSS, security strategy to keep your infrastructure PCI compliant.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgements
  6. About the Authors
  7. Foreword
  8. Chapter 1. About PCI and This Book
    1. Who Should Read This Book?
    2. How to Use The Book in Your Daily Job
    3. What This Book is Not
    4. Organization of the Book
    5. Summary
  9. Chapter 2. Introduction to Fraud, Data Theft, and Related Regulatory Mandates
    1. Summary
  10. Chapter 3. Why Is PCI Here?
    1. What is PCI and Who Must Comply?
    2. PCI DSS in Depth
    3. Quick Overview of PCI Requirements
    4. PCI DSS and Risk
    5. Benefits of Compliance
    6. Case Study
    7. Summary
  11. Chapter 4. Determining and Reducing the PCI Scope
    1. The Basics of PCI DSS Scoping
    2. The “Gotchas” of PCI Scope
    3. Scope Reduction Tips
    4. Planning Your PCI Project
    5. Case Study
    6. Summary
  12. Chapter 5. Building and Maintaining a Secure Network
    1. Which PCI DSS Requirements Are in This Domain?
    2. What Else Can You Do to Be Secure?
    3. Tools and Best Practices
    4. Common Mistakes and Pitfalls
    5. Case Study
    6. Summary
  13. Chapter 6. Strong Access Controls
    1. Which PCI DSS Requirements are in this Domain?
    2. What Else Can You Do to Be Secure?
    3. Tools and Best Practices
    4. Common Mistakes and Pitfalls
    5. Case Study
    6. Summary
  14. Chapter 7. Protecting Cardholder Data
    1. What is Data Protection and Why is it Needed?
    2. Requirements Addressed in This Chapter
    3. PCI Requirement 3: Protect Stored Cardholder Data
    4. Requirement 3 Walk-Through
    5. What Else Can You Do to Be Secure?
    6. PCI Requirement 4 Walk-Through
    7. Requirement 12 Walk-Through
    8. Appendix A of PCI DSS
    9. How to Become Compliant and Secure
    10. Common Mistakes and Pitfalls
    11. Case Study
    12. Summary
  15. Chapter 8. Using Wireless Networking
    1. What is Wireless Network Security?
    2. Where is Wireless Network Security in PCI DSS?
    3. Why Do We Need Wireless Network Security?
    4. Tools and Best Practices
    5. Common Mistakes and Pitfalls
    6. Case Study
    7. Summary
  16. Chapter 9. Vulnerability Management
    1. PCI DSS Requirements Covered
    2. Vulnerability Management in PCI
    3. Requirement 5 Walk-Through
    4. Requirement 6 Walk-Through
    5. Requirement 11 Walk-Through
    6. Internal Vulnerability Scanning
    7. Common PCI Vulnerability Management Mistakes
    8. Case Study
    9. Summary
  17. Chapter 10. Logging Events and Monitoring the Cardholder Data Environment
    1. PCI Requirements Covered
    2. Why Logging and Monitoring in PCI DSS?
    3. Logging and Monitoring in Depth
    4. PCI Relevance of Logs
    5. Logging in PCI Requirement 10
    6. Monitoring Data and Log for Security Issues
    7. Logging and Monitoring in PCI—All Other Requirements
    8. PCI DSS Logging Policies and Procedures
    9. Tools For Logging in PCI
    10. Other Monitoring Tools
    11. Intrusion Detection and Prevention
    12. Integrity Monitoring
    13. Common Mistakes and Pitfalls
    14. Case Study
    15. Summary
    16. Reference
  18. Chapter 11. PCI for the Small Business
    1. The Risks of Credit Card Acceptance
    2. New Business Considerations
    3. Your POS is Like My POS!
    4. A Basic Scheme for SMB Hardening
    5. Case Study
    6. Summary
  19. Chapter 12. Managing a PCI DSS Project to Achieve Compliance
    1. Justifying a Business Case for Compliance
    2. Bringing the Key Players to the Table
    3. Budgeting Time and Resources
    4. Educating Staff
    5. Project Quickstart Guide
    6. The PCI DSS Prioritized Approach
    7. The Visa TIP
    8. Summary
  20. Chapter 13. Don’t Fear the Assessor
    1. Remember, Assessors Are There to Help
    2. Dealing With Assessors’ Mistakes
    3. Planning for Remediation
    4. Planning for Reassessing
    5. Summary
  21. Chapter 14. The Art of Compensating Control
    1. What is a Compensating Control?
    2. Where are Compensating Controls in PCI DSS?
    3. What a Compensating Control is Not
    4. Funny Controls You Didn’t Design
    5. How to Create a Good Compensating Control
    6. Case Studies
    7. Summary
  22. Chapter 15. You’re Compliant, Now What?
    1. Security is a Process, Not an Event
    2. Plan for Periodic Review and Training
    3. PCI Requirements With Periodic Maintenance
    4. PCI Self-Assessment
    5. Case Study
    6. Summary
  23. Chapter 16. Emerging Technology and Alternative Payment Schemes
    1. New Payment Schemes
    2. Predictions
    3. Taxonomy and Tidbits
    4. Case Study
    5. Summary
  24. Chapter 17. Myths and Misconceptions of PCI DSS
    1. Myth #1 PCI Doesn’t Apply to Me
    2. Myth #2 PCI is Confusing and Ambiguous
    3. Myth #3 PCI DSS is Too Onerous
    4. Myth #4 Breaches Prove PCI DSS Irrelevant
    5. Myth #5 PCI is All We Need For Security
    6. Myth #6 PCI DSS is Really Easy
    7. Myth #7 My Tool is PCI Compliant Thus I Am Compliant
    8. Myth #8 PCI is Toothless
    9. Case Study
    10. Summary
  25. Index