PCI Compliance (eBook)
368 pages
Elsevier Science (publisher)
978-1-59749-539-4 (ISBN)
This book is for IT managers and company managers who need to understand how PCI DSS applies to their organizations. It is for the small- and medium-size businesses that do not have an IT department to delegate to. It is for large organizations whose PCI DSS project scope is immense. It is also for all organizations that need to grasp the concepts of PCI DSS and how to implement an effective security framework that is also compliant.
- Completely updated to follow the PCI DSS standard 1.2.1
- Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
- Both authors have broad information security backgrounds, including extensive PCI DSS experience
Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books 'Security Warrior' and 'PCI Compliance' and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionally, Anton teaches classes and presents at many security conferences across the world, works on emerging security standards, and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.
PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Second Edition, discusses not only how to apply PCI in a practical and cost-effective way but, more importantly, why. The book explains what the Payment Card Industry Data Security Standard (PCI DSS) is and why it is here to stay; how it applies to information technology (IT) and information security professionals and their organizations; how to deal with PCI assessors; and how to plan and manage a PCI DSS project. It also describes the technologies referenced by PCI DSS and how PCI DSS relates to laws, frameworks, and regulations.
Front Cover 1
PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance 4
Copyright 5
Contents 6
Foreword 14
Acknowledgments 16
About the Authors 18
Chapter 1. About PCI and This Book 20
Who Should Read This Book? 22
How to Use the Book in Your Daily Job 23
What this Book is NOT 23
Organization of the Book 23
Summary 24
Chapter 2. Introduction to Fraud, ID Theft, and Regulatory Mandates 28
Summary 33
Chapter 3. Why Is PCI Here? 34
What Is PCI and Who Must Comply? 35
PCI DSS in Depth 40
Quick Overview of PCI Requirements 50
PCI DSS and Risk 54
Benefits of Compliance 56
Case Study 56
Summary 58
References 59
Chapter 4. Building and Maintaining a Secure Network 60
Which PCI DSS Requirements Are in This Domain? 61
What Else Can You Do to Be Secure? 74
Tools and Best Practices 75
Common Mistakes and Pitfalls 76
Case Study 77
Summary 80
Chapter 5. Strong Access Controls 82
Which PCI DSS Requirements Are in This Domain? 83
What Else Can You Do to Be Secure? 116
Tools and Best Practices 118
Common Mistakes and Pitfalls 119
Case Study 120
Summary 123
Chapter 6. Protecting Cardholder Data 124
What Is Data Protection and Why Is It Needed? 125
Requirements Addressed in This Chapter 127
PCI Requirement 3: Protect Stored Cardholder Data 127
What Else Can You Do to Be Secure? 140
PCI Requirement 4 Walk-through 140
Requirement 12 Walk-through 144
Appendix A of PCI DSS 147
How to Become Compliant and Secure 147
Common Mistakes and Pitfalls 150
Case Study 152
Summary 154
References 154
Chapter 7. Using Wireless Networking 156
What Is Wireless Network Security? 157
Where Is Wireless Network Security in PCI DSS? 159
Why Do We Need Wireless Network Security? 166
Tools and Best Practices 167
Common Mistakes and Pitfalls 168
Case Study 169
Summary 173
Chapter 8. Vulnerability Management 174
PCI DSS Requirements Covered 176
Vulnerability Management in PCI 176
Requirement 5 Walk-through 183
Requirement 6 Walk-through 184
Requirement 11 Walk-through 198
Internal Vulnerability Scanning 213
Common PCI Vulnerability Management Mistakes 215
Case Study 218
Summary 220
References 221
Chapter 9. Logging Events and Monitoring the Cardholder Data Environment 222
PCI Requirements Covered 223
Why Logging and Monitoring in PCI DSS? 224
Logging and Monitoring in Depth 225
PCI Relevance of Logs 229
Logging in PCI Requirement 10 231
Monitoring Data and Log Security Issues 235
Logging and Monitoring in PCI – All Other Requirements 238
Tools for Logging in PCI 242
Log Management Tools 248
Other Monitoring Tools 250
Intrusion Detection and Prevention 250
Integrity Monitoring 255
Common Mistakes and Pitfalls 257
Case Study 257
Summary 260
References 260
Chapter 10. Managing a PCI DSS Project to Achieve Compliance 262
Justifying a Business Case for Compliance 263
Bringing the Key Players to the Table 268
Budgeting Time and Resources 271
Educating Staff 274
Project Quickstart Guide 277
PCI SSC New Prioritized Approach 280
Summary 281
Reference 282
Chapter 11. Don’t Fear the Assessor 284
Remember, Assessors Are There to Help 285
Dealing With Assessors’ Mistakes 288
Planning for Remediation 290
Planning for Reassessing 294
Summary 295
Chapter 12. The Art of Compensating Control 296
What Is a Compensating Control? 297
Where Are Compensating Controls in PCI DSS? 298
What a Compensating Control Is Not 299
Funny Controls You Didn’t Design 300
How to Create a Good Compensating Control 302
Summary 306
Chapter 13. You’re Compliant, Now What? 308
Security Is a Process, Not an Event 308
Plan for Periodic Review and Training 310
PCI Requirements with Periodic Maintenance 312
PCI Self-Assessment 319
Case Study 320
Summary 321
Chapter 14. PCI and Other Laws, Mandates, and Frameworks 324
PCI and State Data Breach Notification Laws 325
PCI and the ISO27000 Series 328
PCI and Sarbanes–Oxley (SOX) 330
Regulation Matrix 332
Summary 333
References 334
Chapter 15. Myths and Misconceptions of PCI DSS 336
Myth #1 PCI Doesn’t Apply 337
Myth #2 PCI Is Confusing 341
Myth #3 PCI DSS Is Too Onerous 343
Myth #4 Breaches Prove PCI DSS Irrelevant 345
Myth #5 PCI Is All We Need for Security 347
Myth #6 PCI DSS Is Really Easy 350
Myth #7 My Tool Is PCI Compliant 352
Myth #8 PCI Is Toothless 355
Case Study 358
Summary 359
References 359
Index 362
| Publication date (per publisher) | 13.11.2009 |
|---|---|
| Language | English |
| Subject area | Non-fiction / Guide; Computer science ► Networks ► Security / Firewall |
| ISBN-10 | 1-59749-539-5 / 1597495395 |
| ISBN-13 | 978-1-59749-539-4 / 9781597495394 |