PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance
Front matter: Cover; Half Title; Title Page; Copyright Page; Contents; Foreword; Acknowledgments; Authors

Chapter 1: About PCI DSS and This Book
    Who Should Read This Book?
    How to Use the Book in Your Daily Job
    What This Book Is Not
    Organization of the Book
    Summary
    Notes

Chapter 2: Introduction to Fraud, Identity Theft, and Related Regulatory Mandates
    Summary
    Notes

Chapter 3: Why Is PCI Here?
    What Is PCI DSS and Who Must Comply?
    Electronic Card Payment Ecosystem
    Goal of PCI DSS
    Applicability of PCI DSS
    A Quick Note about Appendix A3
    PCI DSS in Depth
    Compliance Deadlines
    Compliance and Validation
    Something New, the Customized Approach
    History of PCI DSS
    PCI Council
    QSAs
    Additional PCI SSC Qualifications
    PFIs
    PCIPs
    QIRs
    ASVs
    Quick Overview of PCI Requirements
    How Changes to PCI DSS Happen
    What's New in PCI DSS 4.0
    Customized Approach
    Extra Guidance
    New Countermeasures
    Skimmers and Web Content
    Authenticated Vulnerability Scanning
    Inventory All the Things
    Scope Reviews
    In Place With Remediation
    PCI DSS and Risk
    Benefits of Compliance
    Case Study
    The Case of the Developing Security Program
    The Case of the Confusing Validation Requirements
    Summary
    Notes

Chapter 4: Determining and Reducing Your PCI Scope
    The Basics of PCI DSS Scoping
    Connected-To Systems
    The "Gotchas" of PCI Scope
    Scope Reduction Tips
    Planning Your PCI Project
    Case Study
    The Case of the Leaky Data
    The Case of the Entrenched Enterprise
    Summary
    Notes

Chapter 5: Building and Maintaining a Secure Network
    Which PCI DSS Requirements Are in This Domain?
    Establish NSC Configuration Standards
    Denying Traffic from Untrusted Networks and Hosts
    Restricting Connections
    Host or Network-Based Security Controls