PCI Compliance

Book Description

Identity theft has been steadily rising in recent years, and credit card data is one of the top targets for identity theft. With a few pieces of key information. Organized crime has made malware development and network attacks more professional, and better defenses are necessary to protect against them. The credit card industry established the PCI Data Security standards to provide a baseline expectation for how vendors, or any entity that handles credit card transactions or data, should protect that data to ensure it is not stolen or compromised. This book provides the information you need to understand the PCI Data Security standards and to effectively implement security on the network infrastructure, in order to comply with the credit card industry guidelines and protect sensitive and personally identifiable information.

* PCI Data Security standards apply to every company globally that processes or transmits credit card transaction data
* Information to develop and implement an effective security strategy to keep infrastructures compliant
* Well known authors have extensive information security backgrounds

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Technical Editor
  5. Acknowledgements
  6. Dedication
  7. Contributors
  8. Table of Contents
  9. Chapter 1: About PCI and This Book
    1. Introduction
  10. Chapter 2: Introduction to Fraud, ID Theft and Regulatory Mandates
  11. Chapter 3: Why PCI Is Important
    1. Introduction
    2. What is PCI?
    3. Overview of PCI Requirements
    4. Benefits of Compliance
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  12. Chapter 4: Building & Maintaining a Secure Network
    1. Introduction
    2. Installing and Maintaining a Firewall Configuration
    3. Choosing an Intrusion Detection or Intrusion Prevention System
    4. Antivirus Solutions
    5. System Defaults and Other Security Parameters
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  13. Chapter 5: Protect Cardholder Data
    1. Protecting Cardholder Data
    2. PCI Requirement 3: Protect Stored Cardholder Data
    3. PCI Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks
    4. Using Compensating Controls
    5. Mapping Out a Strategy
    6. The Absolute Essentials
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  14. Chapter 6: Logging Access & Events
    1. Introduction to Logging
    2. Logging in PCI Requirement 10
    3. Logging in PCI – All Other Requirements
    4. Tools for Logging in PCI
    5. Case Studies
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Chapter 7: Strong Access Control
    1. Introduction
    2. Principles of Access Control
    3. Authentication and Authorization
    4. PCI and Access Control
    5. Configuring Systems to Enforce PCI Compliance
    6. Physical Security
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  16. Chapter 8: Vulnerability Management
    1. Introduction
    2. Vulnerability Management in PCI
    3. Requirement 5 Walkthrough
    4. Requirement 6 Walkthrough
    5. Requirement 11 Walkthrough
    6. Common PCI Vulnerability Management Mistakes
    7. Case Studies
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  17. Chapter 9: Monitoring and Testing
    1. Introduction
    2. Monitoring Your PCI DSS Environment
    3. Auditing Network and Data Access
    4. Testing Your Monitoring Systems and Processes
    5. Solutions Fast Track
    6. Frequently Asked Questions
  18. Chapter 10: How to Plan a Project to Meet Compliance
    1. Introduction
    2. Justifying a Business Case for Compliance
    3. Bringing All the Players to the Table
    4. Helping to Budget Time and Resources
    5. How to Inform/Train Staff on Issues
    6. Where to Start: The First Steps
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  19. Chapter 11: Responsibilities
    1. Introduction
    2. Whose Responsibility Is It?
    3. Incident Response
    4. Business Continuity
    5. Summary
    6. Frequently Asked Questions
  20. Chapter 12: Planning to Fail Your First Audit
    1. Introduction
    2. Remember, Auditors Are There to Help You
    3. Dealing With Auditor’s Mistakes
    4. Planning for Remediation
    5. Planning For Your Retest
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  21. Chapter 13: You're Compliant, Now What
    1. Introduction
    2. Security is a PROCESS, Not an Event
    3. Plan for Periodic Review and Training, Don’t Stop Now!
    4. PCI Self-Audit
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  22. Index
  23. Instruction for Online Access