PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

List Price: $59.95
Description:

Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the current PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.

  • Completely updated to follow the PCI DSS standard 1.2.1
  • Packed with help to develop and implement an effective security strategy to keep infrastructure compliant and secure
  • Both authors have broad information security backgrounds, including extensive PCI DSS experience

Product Details:
Author: Dr. Anton Chuvakin
Paperback: 368 pages
Publisher: Syngress
Publication Date: December 15, 2009
Language: English
ISBN: 1597494992
Product Length: 9.2 inches
Product Width: 7.4 inches
Product Height: 1.1 inches
Product Weight: 1.7 pounds
Package Length: 9.2 inches
Package Width: 7.4 inches
Package Height: 1.1 inches
Package Weight: 1.0 pounds
Average Customer Rating: based on 12 reviews
Customer Reviews:
Average Customer Review: 4.0 ( 12 customer reviews )


Most Helpful Customer Reviews

32 of 32 found the following review helpful:

Rating: 5. Book Review: PCI Compliance: Implementing Effective PCI Data Security Standards (Aug 23, 2007)
By Andrew Hay "Devastatingly handsome security author, blogger and BBQ junkie."
When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than it was a big-ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it as it was something I knew nothing about and wanted to know more!

Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply. These chapters really set the stage for what the rest of the book has to offer the reader.

Chapter 4 provides a technology overview of firewalls, intrusion systems, antivirus solutions, and common system default settings. Personally I felt that Chapter 4 was filler content just to add a chapter. It may, however, serve as a good reference for those in management roles who do not have "hands-on" interaction with the architecture of their environment.

Chapter 5 explains how to go about protecting your cardholder data as dictated by PCI requirements 3 & 4. This is a great chapter for anyone new to securing infrastructure to meet the requirements of a PCI audit. The authors also provide a fantastic section entitled "The Absolute Essentials" which offers suggestions on the minimum protection you can employ to protect your cardholder data.

Chapter 6 was by far my most favorite chapter and Syngress has offered it as a free download from their website. Many of you know what I do for a living and know how important understanding logging and requirements for logging is for my day-to-day duties. This chapter focuses around PCI Requirement 10 which details how you must handle the log data collected in your PCI environment. As soon as I started reading this chapter I knew that Dr. Anton Chuvakin had written this section of the book, or at least had a heavy insight into its direction. This chapter alone makes the book worth its weight in gold.

Chapter 7 details the importance of access control in your PCI environment. For obvious reasons, access to your cardholder data must be recorded and checked with a fine-tooth comb. User privileges, authentication, authorization, and user education are also covered in this chapter. This chapter goes further to provide examples of ensuring your Windows, Unix/Linux, and Cisco infrastructure meet PCI requirements.

Chapter 8 explains how to leverage vulnerability management solutions to meet the requirements outlined in sections 5, 6, and 11 of the PCI requirement. The authors also provide two very good case studies to help the reader put things into perspective.

Chapter 9 focuses on the monitoring and testing of your environment. The authors are quick to point out that monitoring and testing must continue even after the audit in order to ensure you remain compliant.

Chapter 10 details how to drive your PCI project from the business side in order to ensure you accomplish your objectives. Suggestions are provided on budgeting time and resources, keeping staff in the loop, and justifying the business case to your executive team. The authors also offer a step-by-step "checklist" for ensuring your project runs smoothly and that all of your bases are covered.

Chapter 11 explains the various responsibilities within the organization for ensuring the PCI project succeeds. One of the key things to take away from this chapter is the role of the Incident Response team and its need to understand the requirements of PCI compliance.

Chapter 12 is a really good "eye-opener" that prepares you for the failure of your first audit. The key thing to take away from this chapter is to not blame the auditor the same way you shouldn't blame a referee in sports. They're simply there to do their job to the best of their ability. If you have a problem with the way they are doing their job, bring it up with their superior. Perhaps their decision will get overturned?

Chapter 13 brings you into an "OK, now what?" phase. This chapter provides a detailed overview of the various requirements and breaks each requirement into "Policy Checks" and "Hands-on Assessments" sections. The policy checks discuss policies that should be reviewed to verify that they are up-to-date and the hands-on assessments sections give ideas on testing these policies. The beauty part is that the authors suggest open source solutions to help you protect your PCI compliant investment.

I give this book 5 stars as it is the best PCI reference I have found on the market. Everything I found in this book will allow me to understand the compliance requirements of my existing customers, their process, and their overall goals. Hats off to the entire team of authors.

11 of 12 found the following review helpful:

Rating: 5. Great book for one of the most sensible security standards ever (Aug 27, 2007)
By Ben Rothke "Author of 'Computer Security: 20 Things Every Employee Should Know'"
It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products at an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people that should know better.

PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be required to be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.

The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:
Build and maintain a secure network
1. Install and maintain firewall configurations
2. Do not use vendor-supplied or default passwords

Protect cardholder data
3. Protect stored data
4. Encrypt transmissions of cardholder data across public networks

Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to need-to-know
8. Assign unique IDs to each person with computer access
9. Restrict physical access to cardholder data

Regularly monitor and test networks
10. Monitor and track all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an information security policy
12. Maintain a policy that addresses information security

A quick review of these 12 items shows that PCI is a textbook example of the fundamentals of information security. With that, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is an excellent resource that provides the reader with all of the fundamental information needed to understand and implement PCI DSS.

The book's 13 chapters provide the reader with a comprehensive overview of all of the details and requirements of PCI. The first three chapters provide an overview of the basics about PCI and the basic requirements of the standard. The following six chapters go into detail about each of the primary control areas.

In particular, chapter 6 provides a good overview of the PCI logging requirements. This requirement can be time-consuming to put into place. The author notes a commonly overlooked but essential requirement, namely that of accurate and synchronized time on network devices. Enterprise information network and security infrastructure devices are highly dependent on synchronized time and PCI recognizes that correct time is critical for transactions across a network.

In a further discussion about synchronized time in chapter 9, the author unfortunately makes an error when he states that local hardware is considered a stratum 1 time source since it gets its time from its own CMOS. From an NTP perspective, only a device that is directly linked to a stratum-0 device is called a stratum-1. CMOS clocks are notoriously inaccurate and can't be relied upon.

The title of chapter 12 is both amusing and accurate: 'Planning to fail your first Audit'. The irony is that so many organizations lack a CISO or formal business security program in place designed to protect corporate information assets. They don't focus on information security as a process, rather as a set of products or regulatory items to be checked-off. Yet, these same organizations are surprised when they fail an audit.

The book concludes in chapter 13 with the well-known observation that security is a process, not an event. The book astutely notes that it is impossible to be PCI compliant without approaching security as a process. Trying to achieve compliance without integrating the various aspects in an integrated fashion is bound to fail.

Overall, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a great book for one of the most sensible security standards ever. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find the book to be quite valuable.

5 of 5 found the following review helpful:

Rating: 5. The best way to come up to speed on PCI-DSS requirements (Aug 03, 2010)
By M. Foster "Mike Foster"
I read a lot of books in an attempt to grasp PCI compliance. This is my favorite PCI book and I refer to it frequently.

One of the things I noticed about other books is they, in my opinion, went into way too much detail on some of the basics, and tended to glaze over the more complicated parts.

What I enjoy so much about this book is that it covers basics in enough detail that even a beginner can understand, and it also answers in detail the hard questions that other books left me confused about.

With this book I gained at least twice as good an understanding of PCI as after reading all of those other books. If you want to understand PCI-DSS, this book is a great way to do so.

1 of 1 found the following review helpful:

Rating: 5. ARE YOU IN COMPLIANCE??? (Feb 23, 2012)
By John R. Vacca "Tech Write Independent Reviewer"
Are you interested in payment security? If you are, then this book is for you! Authors Dr. Anton Chuvakin and Branden R. Williams have done an outstanding job of writing a second edition of a book that shows you the PCI DSS requirements and helps you understand how the PCI DSS requirements fit into an organization's information security framework, and how to effectively implement information security controls, so that you can be both compliant and secure.

Authors Chuvakin and Williams begin by explaining why PCI DSS is special and what the book is all about. In addition, the authors explain cybercrime and regulations, and briefly look at payment card fraud, cybercrime, ID theft, and other things around PCI DSS. They then give an overview of PCI DSS and why the card industry was compelled to create it. The authors then explain the necessary steps in protecting data for PCI DSS compliance and other reasons. They continue by covering one of the most important aspects of PCI DSS compliance: access control. In addition, the authors explain how to protect card data that is stored on your systems, as well as how to protect data while it is in transit on your network. They then cover wireless security issues and wireless security controls and safeguards managed by PCI DSS. The authors then explain performing vulnerability assessments to identify weaknesses in systems and applications, and how to mitigate or remediate the vulnerabilities to protect and secure your data. Then, the authors discuss how to configure logging and event assessment to capture the information you need to be able to show and maintain PCI compliance, as well as how to perform other security monitoring tasks. In addition, they give an overview of the steps involved and tasks necessary to implement a successful PCI compliance project. The authors then provide an understanding of why an assessor is available to work with you to validate your compliance and help you with security. They continue by explaining how compensating controls are often talked about and misunderstood. In addition, the authors cover the details you need to keep in mind once you have achieved compliance. They then cover how PCI DSS relates to other regulatory beasts: laws, frameworks and regulations. Finally, the authors explain common but damaging PCI myths and misconceptions, as well as the reality behind them.

The goal of this most excellent book is to show you how to effectively implement information security controls, so that you can be both compliant and secure. Perhaps more importantly, each chapter of the book is designed to provide you the information you need to know in a way that you can easily understand and apply.

1 of 1 found the following review helpful:

Rating: 5. Great guide to PCI DSS (Apr 24, 2011)
By Tracy R. Reed
I bought this book a year ago, shortly after it came out and I am just now getting around to reviewing it although I have been benefiting from its guidance for the past year as I go through another PCI implementation.

This is an excellent book. One of my best tech book buys in quite some time. It answered some questions I had been wondering about for a few years as I have gone through PCI implementations just using my sysadmin security experience and common sense plus the PCI DSS requirements themselves. It covers each of the 12 PCI DSS requirements (each of which has on average another 12 sub-requirements, don't let anyone tell you that "PCI is easy, just 12 things!") in order and gives examples and shows you how they apply.

This book does not cover PCI DSS 1.2 but the differences are quite small so don't let that worry you. Everything in the book is still correct, it just doesn't address virtualization which was the major thing added in 1.2.

I have even corresponded with one of the authors, Anton Chuvakin, a couple of times and he has always been friendly and helpful. I listen to his security podcast also.

If you have a need to learn about PCI DSS I strongly recommend this book as it is the best.
