The recent plethora of information security and payment card data breaches has created a tremendous amount of problems for consumers, retailers, financial institutions, and service providers. Payment Card Industry Data Security Standard Handbook addresses the payment card industry standard that includes requirements for security management, policies, procedures, network architecture, software design, and any other critical protective measures. It is an all-inclusive resource for payment card industry compliance, providing CIOs, IT managers, controllers, and accounts payable/receivable managers guidance on how to achieve compliance with the Payment Card Industry Data Security Standards. INDICE: Preface. Introduction. Part One. The Fundamentals. Chapter 1. PCI Fundamentals. History Of PCI. Why PCI DSS? Chapter 2. Security 101. Strategy and Planning. Information Risk Management. Information Classification. Risk Assessment. Risk Analysis. Dealing with Risk. Defense in Depth. Policy, Standards, and Procedures. Adoption of Security Framework. Security and the System Development Lifecycle (SDLC). Security Training and Awareness. Metrics. Physical Security. Data Communications and Networking. Perimeter Security. Information Security Monitoring and Log Management. Intrusion Detection and Intrusion Prevention Technology. Logical Access Control. Electronic Authentication. Encryption. Remote Access Control. Secure Communications. HTTPS. Secure Shell. Virtual Private Networks. Wireless. Incident Response. Forensics. Part Two. PCI Break Down (Control Objectives and Associated Standards). Chapter 3. Build and Maintain a Secure Network. Requirement 1: Install And Maintain A Firewall Configuration To Protect Cardholder Data. Requirement 2: Do Not Use Vendor Supplied Defaults For System Passwords And Other Security Parameters. Requirement A.1: Hosting Providers Protect Cardholder Data Environment. Chapter 4. Protect Cardholder Data. Requirement 3: Protect Stored Cardholder Data. PCI DSS Appendix B: Compensating Controls For Requirement 3.4. Requirement 4: Encrypt Transmission Of Cardholder Data Across Open Public Networks. Chapter 5. Maintain a Vulnerability Management Program. Requirement 5: Use And Regularly Update Anti-Virus Software. Requirement 6: Develop And Maintain Secure Systems And Applications. Chapter 6. Implement Strong Access Control Measures. Requirement 7: Restrict Access To Cardholder Data By Business Need-To-Know. Requirement 8: Assigned A Unique ID To Each Person With Computer Access. Requirement 9: Restrict PhysicalAccess To Cardholder Data. Chapter 7. Regularly Monitor And Test Networks. Requirement 10: Track And Monitor All Access To Network Resources And CardholderData. Requirement 11: Regularly Test Security Systems And Processes. Chapter 8. Maintain An Information Security Policy. Requirement 12: Maintain A Policy That Addresses Information Security. Part Three. Strategy and Operations. Chapter 9. Assessment and Remediation. PCI DSS Payment Card Industry Self-Assessment Questionnaire. PCI DSS Security Audit Procedures. PCI DSS Security ScanningProcedures. Leveraging Self-Assessment. Strategy and Program Development. Chapter 10. PCI Program Management. Case For Strategic Compliance. Who Should Be Involved Achieving PCI DSS Compliance For Our Organization? PCI DSS Glossary, Abbreviations, and Acronyms. References. Resources. Index.
- ISBN: 978-0-470-26046-3
- Editorial: John Wiley & Sons
- Encuadernacion: Cartoné
- Páginas: 224
- Fecha Publicación: 12/11/2008
- Nº Volúmenes: 1
- Idioma: Inglés