PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but more importantly why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organization; how to deal with PCI assessors; and how to plan and manage PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant. - Completely updated to follow the PCI DSS standard 1.2.1 - Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure - Both authors have broad information security backgrounds, including extensive PCI DSS experience
Autorentext
Dr. Anton Chuvakin is a recognized security expert in the field of log
management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI
Compliance" and has contributed to many others, while also publishing dozens of papers on
log management, correlation, data analysis, PCI DSS, and security management. His blog
(http://www.securitywarrior.org) is one of the most popular in the industry.
Additionaly, Anton teaches classes and presents at many security conferences across the world
and he works on emerging security standards and serves on the advisory boards of
several security start-ups. Currently, Anton is developing his security consulting practice,
focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations.
Anton earned his Ph.D. from Stony Brook University.
Inhalt
Foreword Acknowledgments Chapter 1: About PCI and This Book Chapter 2: Introduction to Fraud, ID Theft, and Regulatory Mandates Chapter 3: Why Is PCI Here? Chapter 4: Building and Maintaining a Secure Network Chapter 5: Strong Access Controls Chapter 6: Protecting Cardholder Data Chapter 7: Using Wireless Networking Chapter 8: Vulnerability Management Chapter 9: Logging Events and Monitoring the Cardholder Data Environment Chapter 10: Managing a PCI DSS Project to Acheive Compliance Chapter 11: Don't Fear the Assessor Chapter 12: The Art of Compensating Control Chapter 13: You're Compliant, Now What? Chapter 14: PCI and Other Laws, Mandates, and Frameworks Chapter 15: Myths and Misconceptions of PCI DSS