Table of Contents for PCI Compliance, 3rd Edition, by Anton Chuvakin and Branden R. Williams
Cover image
Title page
Table of Contents
Copyright
Acknowledgements
About the Authors
Foreword
Chapter 1. About PCI and This Book
Who Should Read This Book?
How to Use The Book in Your Daily Job
What This Book is Not
Organization of the Book
Summary
Chapter 2. Introduction to Fraud, Data Theft, and Related Regulatory Mandates
Summary
Chapter 3. Why Is PCI Here?
What is PCI and Who Must Comply?
PCI DSS in Depth
Quick Overview of PCI Requirements
PCI DSS and Risk
Benefits of Compliance
Case Study
Summary
REFERENCES
Chapter 4. Determining and Reducing the PCI Scope
The Basics of PCI DSS Scoping
The “Gotchas” of PCI Scope
Scope Reduction Tips
Planning Your PCI Project
Case Study
Summary
Chapter 5. Building and Maintaining a Secure Network
Which PCI DSS Requirements Are in This Domain?
What Else Can You Do to Be Secure?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 6. Strong Access Controls
Which PCI DSS Requirements are in this Domain?
What Else Can You Do to Be Secure?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 7. Protecting Cardholder Data
What is Data Protection and Why is it Needed?
Requirements Addressed in This Chapter
PCI Requirement 3: Protect Stored Cardholder Data
Requirement 3 Walk-Through
What Else Can You Do to Be Secure?
PCI Requirement 4 Walk-Through
Requirement 12 Walk-Through
Appendix A of PCI DSS
How to Become Compliant and Secure
Common Mistakes and Pitfalls
Case Study
Summary
REFERENCES
Chapter 8. Using Wireless Networking
What is Wireless Network Security?
Where is Wireless Network Security in PCI DSS?
Why Do We Need Wireless Network Security?
Tools and Best Practices
Common Mistakes and Pitfalls
Case Study
Summary
Chapter 9. Vulnerability Management
PCI DSS Requirements Covered
Vulnerability Management in PCI
Requirement 5 Walk-Through
Requirement 6 Walk-Through
Requirement 11 Walk-Through
Internal Vulnerability Scanning
Common PCI Vulnerability Management Mistakes
Case Study
Summary
REFERENCES
Chapter 10. Logging Events and Monitoring the Cardholder Data Environment
PCI Requirements Covered
Why Logging and Monitoring in PCI DSS?
Logging and Monitoring in Depth
PCI Relevance of Logs
Logging in PCI Requirement 10
Monitoring Data and Log for Security Issues
Logging and Monitoring in PCI—All Other Requirements
PCI DSS Logging Policies and Procedures
Tools For Logging in PCI
Other Monitoring Tools
Intrusion Detection and Prevention
Integrity Monitoring
Common Mistakes and Pitfalls
Case Study
Summary
Reference
Chapter 11. PCI for the Small Business
The Risks of Credit Card Acceptance
New Business Considerations
Your POS is Like My POS!
A Basic Scheme for SMB Hardening
Case Study
Summary
Chapter 12. Managing a PCI DSS Project to Achieve Compliance
Justifying a Business Case for Compliance
Bringing the Key Players to the Table
Budgeting Time and Resources
Educating Staff
Project Quickstart Guide
The PCI DSS Prioritized Approach
The Visa TIP
Summary
REFERENCE
Chapter 13. Don’t Fear the Assessor
Remember, Assessors Are There to Help
Dealing With Assessors’ Mistakes
Planning for Remediation
Planning for Reassessing
Summary
Chapter 14. The Art of Compensating Control
What is a Compensating Control?
Where are Compensating Controls in PCI DSS?
What a Compensating Control is Not
Funny Controls You Didn’t Design
How to Create a Good Compensating Control
Case Studies
Summary
Chapter 15. You’re Compliant, Now What?
Security is a Process, Not an Event
Plan for Periodic Review and Training
PCI Requirements With Periodic Maintenance
PCI Self-Assessment
Case Study
Summary
Chapter 16. Emerging Technology and Alternative Payment Schemes
New Payment Schemes
Predictions
Taxonomy and Tidbits
Case Study
Summary
Chapter 17. Myths and Misconceptions of PCI DSS
Myth #1 PCI Doesn’t Apply to Me
Myth #2 PCI is Confusing and Ambiguous
Myth #3 PCI DSS is Too Onerous
Myth #4 Breaches Prove PCI DSS Irrelevant
Myth #5 PCI is All We Need For Security
Myth #6 PCI DSS is Really Easy
Myth #7 My Tool is PCI Compliant Thus I Am Compliant
Myth #8 PCI is Toothless
Case Study
Summary
REFERENCES
Index