PCI DSS a Pocket Guide
IT Governance Publishing
Published on 4 September 2008
Book
Paperback/Softback
42 pages
978-1-905356-64-5 (ISBN)
Description
Target dates for compliance with the PCI DSS itself have all long since passed. Many organisations, particularly those that fall below the top tier of payment card transaction volumes, are not yet compliant, and can no longer afford to put off the work required to fall into line with this global standard. This handy pocket guide will provide you with all the information you will need when considering how to approach the PCI DSS, and is an ideal tool for awareness training for your PCI staff.

All businesses that accept payment cards are prey for hackers and criminal gangs that seek to steal payment card and individual identity details. Many attacks are highly automated, seeking out website and payment card system vulnerabilities remotely, using increasingly sophisticated tools and techniques. When a vulnerability is discovered, an attack can start without the management or staff of the target company having any awareness of what is going on. PCI DSS is designed to ensure that merchants are effectively protecting cardholder data.
It recognises that not all merchants may have the technical understanding to identify for themselves the necessary steps and short-circuits to avoid danger. All merchants, and their service providers, should therefore ensure that they comply with PCI DSS, and that they stay compliant.

Key features of this pocket guide:
* Overview of the Payment Card Industry Data Security Standard
* Scope and compliance
* Consequences of a breach
* PCI self-assessment questionnaire
* Procedures and qualifications
More details
Language
English
Place of publication
Ely
United Kingdom
Target group
Professional and scholarly
Dimensions
Height: 165 mm
Width: 95 mm
Thickness: 4 mm
Weight
43 gr
ISBN-13
978-1-905356-64-5 (9781905356645)
Persons
Alan Calder is a leading author on IT governance and information security issues. He is Chief Executive of IT Governance Limited, the one-stop shop for books, tools, training and consultancy on governance, risk management and compliance. Alan is an international authority on information security management and on ISO27001 (formerly BS7799), the international security standard, about which he wrote with colleague Steve Watkins the definitive compliance guide, IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799. This work is based on his experience of leading the world's first successful implementation of BS7799 (with the 4th edition published in May 2008) and is the basis for the UK Open University's postgraduate course on information security. Other books written by Alan include The Case for ISO27001 and ISO27001 - Nine Steps to Success, as well as several pocket guides in this series. Alan is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Nicki Carter gained 12 years' experience in the Ministry of Defence and HMG, four years of which were occupied as an Information Security Adviser for government and MOD information systems. Most significantly, Nicki occupied the position of a Qualified Security Assessor (QSA) undertaking Payment Card Industry Data Security Standard (PCI DSS) assessments. The QSA responsibilities included facilitating scoping workshops, gap/risk analysis activities, and undertaking audits with both high-profile public and private sector companies.
Content
CONTENTS
Chapter 1: What is the Payment Card Industry Data Security Standard (PCI DSS)? ... 11
Chapter 2: What is the Scope of the PCI DSS? ... 14
Chapter 3: Compliance and Compliance Programmes ... 16
Chapter 4: Consequences of a Breach ... 19
Chapter 5: How do you Comply with the Requirements of the Standard? ... 20
Chapter 6: Maintaining Compliance ... 25
Chapter 7: PCI DSS - The Standard ... 26
Chapter 8: Aspects of PCI DSS Compliance ... 28
Chapter 9: The PCI Self-Assessment Questionnaire (SAQ) ... 32
Chapter 10: Procedures and Qualifications ... 34
Chapter 11: PCI DSS and ISO/IEC 27001 ... 38
Chapter 12: Payment Application Data Security Standard (PA-DSS) ... 40
Chapter 13: Pin-Entry Devices (PED) ... 42
ITG Resources ... 43