PCI Compliance - Abhay Bhargav

PCI Compliance

The Definitive Guide

(Autor)

Buch | Hardcover
351 Seiten
2014
Auerbach (Verlag)
978-1-4398-8740-0 (ISBN)
149,60 inkl. MwSt
Although organizations that store, process, or transmit cardholder information are required to comply with payment card industry standards, most find it extremely challenging to comply with and meet the requirements of these technically rigorous standards. PCI Compliance: The Definitive Guide explains the ins and outs of the payment card industry (PCI) security standards in a manner that is easy to understand.

This step-by-step guidebook delves into PCI standards from an implementation standpoint. It begins with a basic introduction to PCI compliance, including its history and evolution. It then thoroughly and methodically examines the specific requirements of PCI compliance. PCI requirements are presented along with notes and assessment techniques for auditors and assessors.

The text outlines application development and implementation strategies for Payment Application Data Security Standard (PA-DSS) implementation and validation. Explaining the PCI standards from an implementation standpoint, it clarifies the intent of the standards on key issues and challenges that entities must overcome in their quest to meet compliance requirements.

The book goes beyond detailing the requirements of the PCI standards to delve into the multiple implementation strategies available for achieving PCI compliance. The book includes a special appendix on the recently released PCI-DSS v 3.0. It also contains case studies from a variety of industries undergoing compliance, including banking, retail, outsourcing, software development, and processors. Outlining solutions extracted from successful real-world PCI implementations, the book ends with a discussion of PA-DSS standards and validation requirements.

Abhay Bhargav is the founder and chief technical officer of the we45 Group, a Bangalore based information security solutions company. He has extensive experience with information security and compliance, having performed security assessments for many enterprises in various domains, such as banking, software development, retail, telecom, and legal. He is a qualified security assessor (QSA) for the payment-card industry and has led several security assessments for payment-card industry compliance. He is also the coauthor of Secure Java for Web Application Development, published by CRC Press. Abhay is a specialist in Web-application security with broad experience in vulnerability assessment and penetration testing, and he has served as a consultant for a wide array of enterprises and governmental/quasi-governmental entities. He was recently awarded the prestigious SANS Certified GIAC Web Application Penetration Tester certification. He has been interviewed by leading media outlets for his expertise on information security, particularly application security. Links to the interviews are available here and here. Abhay is a regular speaker at industry events. He was a featured speaker at the JavaOne Conference in September 2010 at the Moscone Center in San Francisco. He also regularly speaks at OWASP (Open Web Application Security Project) conferences around the world, notably in New York at the world’s largest application security conference, the OWASP AppSec Conference, in September 2008. He has also spoken at various other conferences and seminars, such as the PCI summit in Mumbai in December 2008. He is a regular speaker at industry events such as the Business Technology Summit and events organized by the Confederation of Indian Industry (CII). He has also delivered several talks to government entities and their stakeholders on information security and application security. He is also a trainer in information security and has led several public workshops on PCI, PA-DSS, and risk assessment. Abhay is well versed in risk assessment and risk management, with rich consulting experience in the OCTAVE® Risk Assessment and NIST SP 800-30 methodologies. His expertise also extends to providing solutions on information security based on the ISO-27001, HIPAA, SOX, GLBA, and other security-compliance standards. Previously, Abhay was the leader of application security and PCI compliance at SISA Information Security Pvt Ltd. Prior to that, he was involved in implementing enterprise IT solutions for various verticals, including manufacturing and retail. He has developed various business applications in Java and proprietary object-oriented program languages such as TDL. He has also written various articles on application security and security compliance. Apart from his professional interests, Abhay is also a trained Carnatic classical flutist and has delivered several concerts. He is also a theater enthusiast and playwright with an English comedy play to his writing credits. He blogs actively and maintains a security blog and a personal blog. He also writes a weekly article on computer education in a leading Kannada daily newspaper for the rural youth.

Payment-Card Industry: An Evolution. Card Anatomy: The Essentials. Security and the Payment-Card Industry. Payment Card Industry Data Security Standard (PCI-DSS). The Payment Application Data Security Standard (PA-DSS). Enterprise Approach to PCI Compliance. Scoping for PCI Compliance. Requirement 1: Build and Maintain a Secure Network. Requirement 2: Vendor-Supplied Defaults, System Passwords, and Security Parameters. Requirement 3: Protect Stored Cardholder Data. Requirement 4: Securing Cardholder Information in Transit. Requirement 5: Use and Regularly Update Antivirus Software. Requirement 6: Develop and Maintain Secure Systems. Requirement 7: Restrict Access to Cardholder Data by Business. Requirement 8: Access-Control Requirements for PCI Environments. Requirement 9: Restrict Physical Access to Cardholder Data. Requirement 10: Logging and Monitoring for the PCI Standards. Requirement 11: Security Testing for the PCI Environment. Requirement 12: Information Security Policies and Practices for PCI Compliance. Beyond PCI Compliance.

Zusatzinfo 11 Tables, black and white; 68 Illustrations, black and white
Verlagsort London
Sprache englisch
Maße 178 x 254 mm
Gewicht 839 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Software Entwicklung
Mathematik / Informatik Informatik Theorie / Studium
Recht / Steuern Privatrecht / Bürgerliches Recht IT-Recht
Wirtschaft Betriebswirtschaft / Management Finanzierung
Betriebswirtschaft / Management Spezielle Betriebswirtschaftslehre Bankbetriebslehre
ISBN-10 1-4398-8740-3 / 1439887403
ISBN-13 978-1-4398-8740-0 / 9781439887400
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99