PCI DSS: An Integrated Data Security Standard Guide

Gain a broad understanding of how PCI DSS is structured and obtain a high-level view of the contents and context of each of the 12 top-level requirements. The guidance provided in this book will help you effectively apply PCI DSS in your business environments, enhance your payment card defensive pos...

Bibliographic Details
Classification: Electronic Book
Main author: Seaman, Jim
Format: Electronic eBook
Language: English
Published: Berkeley, CA: Apress, 2020.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Intro
  • Table of Contents
  • About the Author
  • About the Technical Reviewer
  • Introduction
  • A Tribute To
  • Chapter 1: An Evolving Regulatory Perspective
  • Introduction
  • Revolution or Evolution?
  • Europe
  • Canada
  • United States
  • Australia
  • China
  • Japan
  • Argentina
  • Malaysia
  • Brazil
  • India
  • Financial Services
  • Data Privacy Hierarchy
  • PCI DSS Validation Requirements
  • Recommendations
  • Behaviors
  • Leadership
  • Consent or Legitimate Use
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 2: The Evolution of PCI DSS
  • Associated Costs (Non-compliance/Data Breach)
  • Introduction
  • PCI DSS Controls Framework Architecture
  • Primary (Core) Ring
  • Secondary Ring
  • Tertiary Ring
  • Quaternary Ring
  • Quinary Ring
  • Senary (Outer) Ring
  • Historic References
  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy
  • Reality Bites
  • Recommendations
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 3: Data Life Support System
  • Introduction
  • Concept
  • Lessons Learned
  • Layered Defenses
  • 24/7 Monitoring
  • Physical Security
  • Incident Response
  • Blood Life-Cycle Management
  • Recommendations
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 4: An Integrated Cyber/InfoSec Strategy
  • Introduction
  • Components of an Effective Strategy
  • Data Privacy
  • Cyber Security
  • External Attack Surface Reconnaissance
  • Information Gathering
  • PCI DSS Applicable Controls
  • External Technologies
  • Information Security
  • Physical Security
  • Resilience
  • What Is Resilience?
  • Recommendations
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 5: The Importance of Risk Management
  • Introduction
  • What Is a Risk Assessment?
  • Background
  • Scenario Development
  • Think Like an Attacker
  • Risk Scenarios
  • Risk Assessment Process
  • Reality Bites
  • Recommendations
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 6: Risk Management vs. Compliance
  • The Differentiator
  • Introduction
  • PCI DSS Is Not a Legal Requirement ...
  • ... But Should Be a Business Requirement?
  • Concept
  • How Is This Achieved?
  • Qualitative vs. Quantitative Risk Assessment
  • Qualitative Risk Assessments
  • Quantitative Risk Assessments
  • Risk Appetite/Tolerance
  • Case Studies
  • Case Study 1: Telephone-Based Payments Risk Balance Case
  • Case Study 2: Enhanced PCI DSS Program Through Integration into Enterprise Risk Management (ERM)
  • Reality Bites
  • Recommendations
  • Conclusion
  • Key Takeaways
  • Risks
  • Chapter 7: PCI DSS Applicability
  • PCI DSS Overview
  • Introduction
  • The Precious Cargo
  • Structure of a Payment Card
  • Precious Cargo Categories
  • Front of Payment Card Breakdown
  • Rear of Payment Card Breakdown
  • Personal Identification Number (PIN)/PIN Blocks
  • CHD Storage