Chuvakin / Williams | PCI Compliance | E-Book | sack.de

E-book, English, 367 pages, Web PDF

Chuvakin / Williams PCI Compliance

Understand and Implement Effective PCI Data Security Standard Compliance
2nd edition, 2009
ISBN: 978-1-59749-539-4
Publisher: Elsevier Science & Techn.
Format: PDF
Copy protection: 1 - PDF Watermark




PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but, more importantly, why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organizations; how to deal with PCI assessors; and how to plan and manage a PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.
This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant.
Completely updated to follow the PCI DSS standard 1.2.1.
Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure.
Both authors have broad information security backgrounds, including extensive PCI DSS experience.

Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books 'Security Warrior' and 'PCI Compliance' and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionally, Anton teaches classes and presents at many security conferences across the world; he works on emerging security standards and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.


Further information & material


Table of contents (book page numbers in parentheses)

Front Cover (p. 1)
PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance (p. 4)
Copyright (p. 5)
Contents (p. 6)
Foreword (p. 14)
Acknowledgments (p. 16)
About the Authors (p. 18)
Chapter 1. About PCI and This Book (p. 20)
    Who Should Read This Book? (p. 22)
    How to Use the Book in Your Daily Job (p. 23)
    What this Book is NOT (p. 23)
    Organization of the Book (p. 23)
    Summary (p. 24)
Chapter 2. Introduction to Fraud, ID Theft, and Regulatory Mandates (p. 28)
    Summary (p. 33)
Chapter 3. Why Is PCI Here? (p. 34)
    What Is PCI and Who Must Comply? (p. 35)
    PCI DSS in Depth (p. 40)
    Quick Overview of PCI Requirements (p. 50)
    PCI DSS and Risk (p. 54)
    Benefits of Compliance (p. 56)
    Case Study (p. 56)
    Summary (p. 58)
    References (p. 59)
Chapter 4. Building and Maintaining a Secure Network (p. 60)
    Which PCI DSS Requirements Are in This Domain? (p. 61)
    What Else Can You Do to Be Secure? (p. 74)
    Tools and Best Practices (p. 75)
    Common Mistakes and Pitfalls (p. 76)
    Case Study (p. 77)
    Summary (p. 80)
Chapter 5. Strong Access Controls (p. 82)
    Which PCI DSS Requirements Are in This Domain? (p. 83)
    What Else Can You Do to Be Secure? (p. 116)
    Tools and Best Practices (p. 118)
    Common Mistakes and Pitfalls (p. 119)
    Case Study (p. 120)
    Summary (p. 123)
Chapter 6. Protecting Cardholder Data (p. 124)
    What Is Data Protection and Why Is It Needed? (p. 125)
    Requirements Addressed in This Chapter (p. 127)
    PCI Requirement 3: Protect Stored Cardholder Data (p. 127)
    What Else Can You Do to Be Secure? (p. 140)
    PCI Requirement 4 Walk-through (p. 140)
    Requirement 12 Walk-through (p. 144)
    Appendix A of PCI DSS (p. 147)
    How to Become Compliant and Secure (p. 147)
    Common Mistakes and Pitfalls (p. 150)
    Case Study (p. 152)
    Summary (p. 154)
    References (p. 154)
Chapter 7. Using Wireless Networking (p. 156)
    What Is Wireless Network Security? (p. 157)
    Where Is Wireless Network Security in PCI DSS? (p. 159)
    Why Do We Need Wireless Network Security? (p. 166)
    Tools and Best Practices (p. 167)
    Common Mistakes and Pitfalls (p. 168)
    Case Study (p. 169)
    Summary (p. 173)
Chapter 8. Vulnerability Management (p. 174)
    PCI DSS Requirements Covered (p. 176)
    Vulnerability Management in PCI (p. 176)
    Requirement 5 Walk-through (p. 183)
    Requirement 6 Walk-through (p. 184)
    Requirement 11 Walk-through (p. 198)
    Internal Vulnerability Scanning (p. 213)
    Common PCI Vulnerability Management Mistakes (p. 215)
    Case Study (p. 218)
    Summary (p. 220)
    References (p. 221)
Chapter 9. Logging Events and Monitoring the Cardholder Data Environment (p. 222)
    PCI Requirements Covered (p. 223)
    Why Logging and Monitoring in PCI DSS? (p. 224)
    Logging and Monitoring in Depth (p. 225)
    PCI Relevance of Logs (p. 229)
    Logging in PCI Requirement 10 (p. 231)
    Monitoring Data and Log Security Issues (p. 235)
    Logging and Monitoring in PCI – All Other Requirements (p. 238)
    Tools for Logging in PCI (p. 242)
    Log Management Tools (p. 248)
    Other Monitoring Tools (p. 250)
    Intrusion Detection and Prevention (p. 250)
    Integrity Monitoring (p. 255)
    Common Mistakes and Pitfalls (p. 257)
    Case Study (p. 257)
    Summary (p. 260)
    References (p. 260)
Chapter 10. Managing a PCI DSS Project to Achieve Compliance (p. 262)
    Justifying a Business Case for Compliance (p. 263)
    Bringing the Key Players to the Table (p. 268)
    Budgeting Time and Resources (p. 271)
    Educating Staff (p. 274)
    Project Quickstart Guide (p. 277)
    PCI SSC New Prioritized Approach (p. 280)
    Summary (p. 281)
    Reference (p. 282)
Chapter 11. Don’t Fear the Assessor (p. 284)
    Remember, Assessors Are There to Help (p. 285)
    Dealing With Assessors’ Mistakes (p. 288)
    Planning for Remediation (p. 290)
    Planning for Reassessing (p. 294)
    Summary (p. 295)
Chapter 12. The Art of Compensating Control (p. 296)
    What Is a Compensating Control? (p. 297)
    Where Are Compensating Controls in PCI DSS? (p. 298)
    What a Compensating Control Is Not (p. 299)
    Funny Controls You Didn’t Design (p. 300)
    How to Create a Good Compensating Control (p. 302)
    Summary (p. 306)
Chapter 13. You’re Compliant, Now What? (p. 308)
    Security Is a Process, Not an Event (p. 308)
    Plan for Periodic Review and Training (p. 310)
    PCI Requirements with Periodic Maintenance (p. 312)
    PCI Self-Assessment (p. 319)
    Case Study (p. 320)
    Summary (p. 321)
Chapter 14. PCI and Other Laws, Mandates, and Frameworks (p. 324)
    PCI and State Data Breach Notification Laws (p. 325)
    PCI and the ISO27000 Series (p. 328)
    PCI and Sarbanes–Oxley (SOX) (p. 330)
    Regulation Matrix (p. 332)
    Summary (p. 333)
    References (p. 334)
Chapter 15. Myths and Misconceptions of PCI DSS (p. 336)
    Myth #1 PCI Doesn’t Apply (p. 337)
    Myth #2 PCI Is Confusing (p. 341)
    Myth #3 PCI DSS Is Too Onerous (p. 343)
    Myth #4 Breaches Prove PCI DSS Irrelevant (p. 345)
    Myth #5 PCI Is All We Need for Security (p. 347)
    Myth #6 PCI DSS Is Really Easy (p. 350)
    Myth #7 My Tool Is PCI Compliant (p. 352)
    Myth #8 PCI Is Toothless (p. 355)
    Case Study (p. 358)
    Summary (p. 359)
    References (p. 359)
Index (p. 362)


