The Definitive Guide to PCI DSS Version 4 : Documentation, Compliance, and Management / by Arthur B. Cooper Jr., Jeff Hall, David Mundhenk, Ben Rothke.

Format:

Book

Author/Creator:

Cooper Jr., Arthur B.

Contributor:

Hall, Jeff.

Mundhenk, David.

Rothke, Ben.

Language:

English

Subjects (All):

Data protection.

Data and Information Security.

Local Subjects:

Data and Information Security.

Physical Description:

1 online resource (264 pages)

Edition:

1st ed. 2023.

Place of Publication:

Berkeley, CA : Apress : Imprint: Apress, 2023.

Summary:

This book is your go-to reference on how to achieve PCI compliance. With more than 400 PCI requirements, the updated PCI Data Security Standard (PCI DSS) v4.0 does not detail the specific documentation that a PCI auditor—known as a Qualified Security Assessor (QSA)—needs to know. This book is the first reference to detail the specific documentation needed for every PCI requirement. The authors provide real-world examples of complying with the 12 main PCI requirements and clarify many of the gray areas within the PCI DSS. Any merchant or service provider that stores, processes, or transmits credit card data must comply with the PCI Data Security Standard. PCI DSS 1.0 was first published in 2004, yet many of those tasked with PCI compliance still encounter difficulties when trying to make sense of it. PCI DSS version 4 was published in March 2022, and at 360 pages, it has numerous additional requirements, leaving many people struggling to know what they need to doto comply. PCI DSS v4.0 has a transition period in which PCI DSS version 3.2.1 will remain active for two years from the v4.0 publication date. Although the transition period ends on March 31, 2024, and may seem far away, those tasked with PCI compliance will need every bit of the time to acquaint themselves with the many news updates, templates, forms, and more, that PCI v4.0 brings to their world. You will: Know what it takes to be PCI compliant Understand and implement what is in the PCI DSS Get rid of cardholder data Have everything you need to know about segmenting your cardholder data network Know what documentation is needed for your PCI compliance efforts Leverage real-world experience to assist PCI compliance work.

Contents:

Chapter 1. A Brief History of PCI

Chapter 2. Install and Maintain Network Controls

Chapter 3. Apply Secure Configurations to all System Components- Chapter 4. Protect Stored Account Data

Chapter 5. Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks

Chapter 6. Protect All Systems and Networks from Malicious Software

Chapter 7. Develop and Maintain Secure Systems and Software

Chapter 8. Restrict Access to System Components and Cardholder Data by Business Need to Know

Chapter 9. Identify Users and Authenticate Access to System Components

Chapter 10. Restrict Physical Access to Cardholder Data

Chapter 11. Log and Monitor All Access to System Components and Cardholder Data

Chapter 12. Test Security of Systems and Networks Regularly

Chapter 13. Support Information Security with Organizational Policies and Programs

Chapter 14. How To Read a Service Provider Attestation of Compliance

Chapter 15. Segmentation and tokenization

Chapter 16. The Customized Approach, Compensating Controls, and the Targeted Risk Analysis.

Notes:

Includes index.

ISBN:

9781484292884

148429288X

OCLC:

1381095762