PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition

Book Description

A concise, easy-to-follow reference to PCI DSS compliance

This practical guide walks you step by step through achieving Payment Card Industry Data Security Standard (PCI DSS) compliance, showing you how to create, design and build a PCI compliance framework.

The objective of this revised PCI DSS practical guide is to give entities advice and tips on the entire PCI implementation process. It provides a roadmap, helping entities to navigate the broad, and sometimes confusing, PCI DSS v2, and shows them how to build and maintain a sustainable PCI DSS compliance programme.

This latest revision includes increased guidance on how to ensure your PCI DSS compliance programme is 'sustainable'. It is based on real-life scenarios, which should help to ensure your PCI compliance programme remains compliant over time.

An ideal, non-technical introduction to PCI DSS

  • Save time and money with an easy-to-follow route map to achieving PCI DSS compliance
  • Understand the fundamental details of PCI DSS compliance
  • Build your business case for PCI DSS compliance by providing the key information needed

There is a huge amount of information on the PCI DSS freely available online, but it doesn't always answer your fundamental questions. If you're a manager, executive or director involved in the PCI compliance process as part of your day-to-day activities, this book also functions as a key support reference.


Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Foreword
  5. Preface
  6. About the Author
  7. Contents
  8. Background
  9. Chapter 1: Step 1 – Establishing The PCI Project
    1. What is the project initiation workshop objective?
    2. What are the workshop deliverables?
  10. Chapter 2: Step 2 – Determine The Scope
    1. Scoping the PCI target environment
    2. The approach used to determine the exact scope
  11. Chapter 3: Step 3 – Review The Information Security Policy
  12. Chapter 4: Step 4 – Conduct Gap Analysis
    1. Gap analysis objectives
    2. Gap analysis approach
    3. PCI gap analysis reporting and security improvement plan
  13. Chapter 5: Step 5 – Conduct Risk Analysis
    1. The goal of the risk management process
    2. The benefits of risk management
    3. The elements of the risk management process
  14. Chapter 6: Step 6 – Establish The Baseline
    1. Build and maintain a secure network
    2. Protect cardholder data
    3. Maintain a vulnerability management programme
    4. Implement strong access control measures
    5. Regularly monitor and test networks
    6. Maintain an information security policy
  15. Chapter 7: Step 7 – Auditing
    1. Initiation of the audit (objectives and scope)
    2. Auditor preparation
    3. Conduct the audit
    4. Report the findings
    5. Agree follow-up action and clearance of any findings
  16. Chapter 8: Step 8 – Remediation Planning
  17. Chapter 9: Step 9 – Maintaining And Demonstrating Compliance
    1. Validation requirements
    2. How to meet these requirements
    3. Using log management information for PCI compliance
    4. Regular monitoring and testing
    5. Arriving where you want to be: PCI compliant
    6. Demonstrating compliance – ROC
  18. Chapter 10: PCI DSS And ISO27001
    1. PCI and ISO27001 – the comparisons
  19. Appendix 1 – Project Checklist
  20. Appendix 2 – PCI DSS Project Plan
  21. Appendix 3 – Bibliography And Sources
  22. Appendix 4 – Further Useful Information
  23. Appendix 5 – PCI DSS Mapping To ISO27001
  24. ITG Resources