PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

Overview

PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but, more importantly, why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organizations; how to deal with PCI assessors; and how to plan and manage a PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.
This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant.
  • Completely updated to follow the PCI DSS standard 1.2.1
  • Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
  • Both authors have broad information security backgrounds, including extensive PCI DSS experience

Editorial Reviews

From the Publisher

"Finally we have a solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why."--Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board

"Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable."--Security Management

"Intended for IT managers, this guide introduces the payment card industry data security standard (PCI DSS), describes the components of a secure network, and suggests steps for planning a project to meet compliance. The 12 PCI DSS requirements are addressed individually with action items for access control, cardholder data protection, wireless network security, vulnerability management, and event logging. The second edition covers PCI DSS version 1.2.1."--SciTech Book News


Product Details

  • ISBN-13: 9781597494991
  • Publisher: Elsevier Science
  • Publication date: 12/15/2009
  • Edition number: 2
  • Pages: 368
  • Product dimensions: 7.40 (w) x 9.10 (h) x 1.00 (d)

Meet the Author

Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionally, Anton teaches classes and presents at many security conferences across the world; he works on emerging security standards and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.

Branden R. Williams (CISSP, CISM, CPISA, CPISM) leads an information security practice in a Global Security Consulting group at a major security firm in Flower Mound, TX, and teaches in the NSA Certified Information Assurance program at the University of Dallas's Graduate School of Management. Branden has been involved in information technology since 1994 and has focused on information security since 1996. He started consulting on payment security in 2004, assessing companies against the Visa CISP and Mastercard SDP programs. He has a Bachelor of Business Administration in Marketing from the University of Texas, Arlington, and a Master of Business Administration in Supply Chain Management and Market Logistics from the University of Dallas.
Branden publishes a monthly column in the ISSA Journal entitled "Herding Cats," and authors a blog at http://www.brandenwilliams.com/.


Read an Excerpt

PCI Compliance

Understand and Implement Effective PCI Data Security Standard Compliance
By Anton A. Chuvakin and Branden R. Williams

SYNGRESS

Copyright © 2010 Elsevier Inc.
All rights reserved.

ISBN: 978-1-59749-539-4


Chapter One

About PCI and This Book

Information in this chapter

* Who Should Read This Book?

* How to Use the Book in Your Daily Job

* What This Book Is NOT

* Organization of the Book

If you are like most information technology (IT) and information security professionals, the idea of becoming compliant with the Payment Card Industry Data Security Standard (PCI DSS) or countless other regulations does not sound like much fun. It is much more common to associate compliance efforts with the other extreme, and that is PAIN. Whether it is the pain of not knowing what to do, the pain of failing the assessment, or the pain of "doing compliance" on a $0 budget, there are plenty of challenges that earned compliance – PCI DSS compliance in particular – has in common with pain.

Thus, we face the seemingly impossible challenge to write a fun and insightful book about PCI DSS. We realize all the difficulties of achieving this, and we are committed to the challenge. We'd like to invite you, our reader, to travel with us in the hopes that when you turn the last page, you would come to realize that PCI DSS compliance can indeed be (YES) fun!

There are many standards and regulations out there. If your company's stock is publicly traded in the United States, you must adhere to the Sarbanes–Oxley (SOX) mandates. Financial companies fall under the Gramm–Leach–Bliley Act (GLBA). Those in the energy sector work toward North American Electric Reliability Corporation (NERC), Federal Energy Regulatory Commission (FERC), or Critical Infrastructure Protection (CIP) standards. If you are in the health care industry, your network must comply with the Health Insurance Portability and Accountability Act (HIPAA) standards. Other countries have their own "alphabet soup" of standards such as the British BSI, Russian GOST (Russian for "gosudarstvennyy standart" or "state standard"), the worldwide International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC), and so on. However, the PCI DSS occupies a special place among the standards for two reasons: broad, worldwide applicability and the presence of an enforcement mechanism that is seen as imminent and unavoidable, unlike for some of the other regulations mentioned.

The overarching theme of all these standards, laws, and regulations is that organizations need to secure their data and protect their networks to keep citizens' data safe. In some cases, weak information security may only affect the company. However, when the data on the corporate network contains personal information about patients, customers, or employees, a breach of security can have implications far beyond the company. A breach of a company dealing with hundreds of millions of customers, such as a card payment processor, will have implications touching nearly the entire society and, thus, decreasing such occurrences is in the public interest.

Visa, MasterCard, American Express, Discover, and JCB banded together to develop PCI DSS to ensure that credit-card customer information is adequately protected and to protect the card industry. Breaches of customer information lead to money loss and damaged reputations, and the credit-card industry wants to protect itself from financial loss or eroded consumer confidence in credit cards as a means of transacting money.

We will use our experience with PCI DSS, both from the PCI Qualified Security Assessor (QSA) side and from the information security side, to explain the most up-to-date PCI DSS guidelines to you. However, we will do so in a broader, more holistic approach. The objective of this book is not only to teach you about the PCI DSS requirements but to help you understand how the PCI DSS requirements fit into an organization's information security framework, and how to effectively implement information security controls so that you can be both compliant and secure. In addition, we will focus on how to do this in the easiest and most painless way, but without compromising security in the process.

This book will make constant reference to the PCI DSS. PCI DSS, and its related standards, is owned by the PCI Security Standards Council (PCI SSC), sometimes known in the industry as PCI Co. Before you start reading this book, you should go to the Council's Web site at www.pcisecuritystandards.org and download PCI DSS version 1.2.1 under the Security Standards/PCI DSS heading.

As of this publication, PCI DSS is at version 1.2.1. The changes between versions 1.2 and 1.2.1 are not enough to differentiate in this book, so when we refer to PCI DSS version 1.2, assume that includes version 1.2.1.

WHO SHOULD READ THIS BOOK?

Every company that accepts card payments, processes credit- or debit-card transactions, stores payment card data, or in any other way touches personal or sensitive data associated with payment card processing is affected by the PCI DSS. Nowadays, it means that virtually all businesses, no matter how big or small, need to understand their scope of PCI DSS and how to implement PCI controls to work toward reducing their risk, or face penalties or even the possibility of having their merchant status revoked.

Even with such a broad audience compelled to comply with the PCI DSS, this book had to be written for a specific technical level. This book could have been written in very simple terms to educate the general population about PCI DSS. We could have written an in-depth technical tome providing every bit of detail a network engineer or security administrator might need to configure and implement all controls mandated by PCI DSS. This book aims in the middle and is more of a strategic guide to help executive management understand the implications of PCI DSS and what it takes to be compliant. Overall, the book would be useful for everybody in IT and in the management of organizations that deal with credit cards. This would include executive management, IT and IT security management, network, server, and application developers, database managers, as well as everyone interested in payment security.

As a result, this book is for the IT managers and company managers who need to understand how PCI DSS applies to their organizations. This book is for the small- and medium-size businesses that don't have an IT department to delegate to. The book is also for large organizations whose PCI DSS project scope is immense. It is for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant. This book is intended as an introduction to PCI DSS, but with a deeper and more technical understanding of how to put it into action. Finally, even PCI "literati" will benefit from the stories and case studies presented by us!

HOW TO USE THE BOOK IN YOUR DAILY JOB

You can use the book during the entire lifecycle from complete PCI unawareness to ultimate security and compliance enlightenment. Specifically, you can use it as provided in the following:

* Learn what PCI DSS is and why it is here to stay

* Figure out how it applies to you and your organization

* Learn what to do about each of the 12 main requirements

* Gain knowledge about dealing with PCI assessors

* Learn how to plan and manage a PCI DSS project

* Understand all the technologies referenced by PCI DSS

* Get the best experience out of what can be seen as a painful assessment process

WHAT THIS BOOK IS NOT

While reading the book, it is useful to remember that this is not the book that will unambiguously answer every esoteric PCI DSS question. Also, there is simply no way to create a book that will answer PCI DSS questions as the regulation applies to your own environment. Indeed, there is a lot of similarity in how networks and systems are deployed, but given the broad applicability of PCI DSS – from small e-commerce sites to huge worldwide retailers – there is no way to have a book "customized" for your networks, systems, and applications. It is not meant to be the final authority for all issues related to PCI DSS, and it is not the unabridged guide to all things PCI DSS. Finally, even though the book is written using one of the authors' QSA experience, your QSA is the ultimate judge of most PCI "puzzles" you will face on your journey to compliance.

ORGANIZATION OF THE BOOK

Each chapter of the book is designed to provide you the information you need to know in a way that you can easily understand and apply. To aid in that goal, the chapters follow a common structure which, wherever possible, includes the description of the PCI DSS requirement, the value of the requirement for PCI DSS and security, common tips and select tools useful for satisfying the requirement, as well as common mistakes and pitfalls.

Specifically, we first try to explain what the control or concept we are talking about is, whether it is log management or compensating controls. Then, we explain where in PCI DSS this concept sits and why it is needed for information security – how it reduces risk. Next, we explain what you should do with this concept to be secure and compliant, using examples, common practices, etc. Most chapters have a detailed and entertaining case study. When we said that we will make PCI fun, we really meant it! Most chapters have a summary that provides a brief recap of the concepts discussed to reinforce what you read or to help you identify areas that you may need to re-read if you feel you don't understand them yet. Where possible, we also try to highlight common mistakes and pitfalls with these requirements or PCI concepts.

SUMMARY

This section provides a brief description of the information covered in each chapter:

* Chapter 1: About PCI and This Book – This chapter explains why PCI DSS is special and what this book is about.

* Chapter 2: Introduction to Fraud, ID Theft, and Regulatory Mandates – This chapter explains cybercrime and regulations and is a brief look at payment card fraud, cybercrime, ID theft, and other things around PCI DSS.

* Chapter 3: Why Is PCI Here? – This chapter gives an overview of PCI DSS and why the card industry was compelled to create it. This chapter also includes some discussion about the benefits of PCI DSS compliance and the risks of noncompliance.

* Chapter 4: Building and Maintaining a Secure Network – This chapter explains the necessary steps in protecting data for PCI DSS compliance and other reasons: to have a secure network in the first place. This chapter discusses the basic components of a secure network and lays the foundation for building the rest of your PCI DSS compliance.

* Chapter 5: Strong Access Controls – This chapter covers one of the most important aspects of PCI DSS compliance: access control. The information in this chapter includes the need to restrict access to only those individuals that need it, as well as restricting physical access to computer systems.

* Chapter 6: Protecting Cardholder Data – This chapter explains how to protect card data that is stored on your systems, as well as how to protect data while it is in transit on your network.

* Chapter 7: Using Wireless Networking – This chapter covers wireless security issues and wireless security controls and safeguards managed by PCI DSS.

* Chapter 8: Vulnerability Management – This chapter explains performing vulnerability assessments to identify weaknesses in systems and applications, and how to mitigate or remediate the vulnerabilities to protect and secure your data.

* Chapter 9: Logging Events and Monitoring the Cardholder Data Environment – This chapter discusses how to configure logging and event assessment to capture the information you need to be able to show and maintain PCI compliance, as well as how to perform other security monitoring tasks.

(Continues...)

Excerpted from PCI Compliance by Anton A. Chuvakin and Branden R. Williams. Copyright © 2010 by Elsevier Inc. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.


Table of Contents

  • Foreword
  • Acknowledgments
  • Chapter 1: About PCI and This Book
  • Chapter 2: Introduction to Fraud, ID Theft, and Regulatory Mandates
  • Chapter 3: Why Is PCI Here?
  • Chapter 4: Building and Maintaining a Secure Network
  • Chapter 5: Strong Access Controls
  • Chapter 6: Protecting Cardholder Data
  • Chapter 7: Using Wireless Networking
  • Chapter 8: Vulnerability Management
  • Chapter 9: Logging Events and Monitoring the Cardholder Data Environment
  • Chapter 10: Managing a PCI DSS Project to Achieve Compliance
  • Chapter 11: Don't Fear the Assessor
  • Chapter 12: The Art of Compensating Control
  • Chapter 13: You're Compliant, Now What?
  • Chapter 14: PCI and Other Laws, Mandates, and Frameworks
  • Chapter 15: Myths and Misconceptions of PCI DSS


Customer Reviews

Posted February 23, 2012

EXCELLENT BOOK!!!

Are you interested in payment security? If you are, then this book is for you! Authors Dr. Anton Chuvakin and Branden R. Williams have done an outstanding job of writing a second edition of a book that shows you the PCI DSS requirements and helps you understand how the PCI DSS requirements fit into an organization’s information security framework, and how to effectively implement information security controls, so that you can be both compliant and secure. Authors Chuvakin and Williams begin by explaining why PCI DSS is special and what the book is all about. In addition, the authors explain cybercrime and regulations, and briefly look at payment card fraud, cybercrime, ID theft, and other things around PCI DSS. They then give an overview of PCI DSS and why the card industry was compelled to create it. The authors then explain the necessary steps in protecting data for PCI DSS compliance and other reasons. They continue by covering one of the most important aspects of PCI DSS compliance, access control. In addition, the authors explain how to protect card data that is stored on your systems, as well as how to protect data while it is in transit on your network. They then cover wireless security issues and wireless security controls and safeguards managed by PCI DSS. The authors then explain performing vulnerability assessments to identify weaknesses in systems and applications, and how to mitigate or remediate the vulnerabilities to protect and secure your data. Then, the authors discuss how to configure logging and event assessment to capture the information you need to be able to show and maintain PCI compliance, as well as how to perform other security monitoring tasks. In addition, they give an overview of the steps involved and tasks necessary to implement a successful PCI compliance project. The authors then provide an understanding of why an assessor is available to work with you to validate your compliance and help you with security.

They continue by explaining how compensating controls are often talked about and misunderstood. In addition, the authors cover the details you need to keep in mind once you have achieved compliance. They then cover how PCI DSS relates to other regulatory beasts: laws, frameworks, and regulations. Finally, the authors explain common but damaging PCI myths and misconceptions, as well as explaining the reality behind them. The goal of this most excellent book is to show you how to effectively implement information security controls, so that you can be both compliant and secure. Perhaps more importantly, each chapter of the book is designed to provide you the information you need to know in a way that you can easily understand and apply.
