PCI DSS: An Integrated Data Security Standard Guide

Benefits

Demystifies PCI DSS so you can develop an effective cybersecurity and information security (InfoSec) strategy for the protection of payment card data
Shows you how to implement an integrated defensive model that can be applied against the PCI DSS controls framework
Provides you with new insight into PCI DSS so you know how it applies to specific businesses, and how to implement and manage your compliance obligations

Summary

Gain a broad understanding of how PCI DSS is structured and obtain a high-level view of the contents and context of each of the 12 top-level requirements. The guidance provided in this book will help you effectively apply PCI DSS in your business environments, enhance your payment card defensive posture, and reduce the opportunities for criminals to compromise your network or steal sensitive data assets.

Businesses are seeing an increased volume of data breaches, where an opportunist attacker from outside the business or a disaffected employee successfully exploits poor company practices. Rather than being a regurgitation of the PCI DSS controls, this book aims to help you balance the needs of running your business with the value of implementing PCI DSS for the protection of consumer payment card data.

Applying lessons learned from history, military experiences (including multiple deployments into hostile areas), numerous PCI QSA assignments, and corporate cybersecurity and InfoSec roles, author Jim Seaman helps you understand the complexities of the payment card industry data security standard as you protect cardholder data. You will learn how to align the standard with your business IT systems or operations that store, process, and/or transmit sensitive data. This book will help you develop a business cybersecurity and InfoSec strategy through the correct interpretation, implementation, and maintenance of PCI DSS.

What You Will Learn

Be aware of recent data privacy regulatory changes and the release of PCI DSS v4.0
Improve the defense of consumer payment card data to safeguard the reputation of your business and make it more difficult for criminals to breach security
Be familiar with the goals and requirements related to the structure and interdependencies of PCI DSS
Know the potential avenues of attack associated with business payment operations
Make PCI DSS an integral component of your business operations
Understand the benefits of enhancing your security culture
See how the implementation of PCI DSS causes a positive ripple effect across your business

Who This Book Is For

Business leaders, information security (InfoSec) practitioners, chief information security managers, cybersecurity practitioners, risk managers, IT operations managers, business owners, military enthusiasts, and IT auditors

Table of Contents

An Evolving Regulatory Perspective
The Evolution of PCI DSS
Data Life Support System
An Integrated Cyber/InfoSec Strategy
The Importance of Risk Management
Risk Management vs. Compliance – The Differentiator
PCI DSS Applicability
De-scoping the Scoping Risk
An Introduction to the PCI DSS Controls Framework
Payment Channel Attack Vectors
Compliance – A Team Effort
PIE FARM – A Project Managed Approach to PCI DSS
Proactive Defense
People, People, People
The Ripple Effect
Cometh the Year, Month, Day, Hour
Quick Fire Round – Five Commonly Asked Questions

Authors

James (Jim) Seaman has been dedicated to the pursuit of security for his entire adult life. He served 22 years in the RAF Police, covering a number of specialist areas including physical security, aviation security, information security management, IT security management, cybersecurity management, security investigations, intelligence operations, and incident response and disaster recovery. He has successfully transitioned his skills to the corporate environment and now works in areas such as financial services, banking, retail, manufacturing, e-commerce, and marketing. He helps businesses enhance their cybersecurity and InfoSec defensive measures and work with various industry security standards.