PCI DSS: An Integrated Data Security Standard Guide - Tapa blanda

Sinopsis

Chapter 1:  An Evolving Regulatory Perspective

Overview of the changes that have occurred in regard to personal data regulatory compliance and the implication for PCI DSS.

·         Data Privacy and PCI DSS

 

Chapter 2:  Data the 'Life Blood' of Business

Understand the true value of data to modern digital business

Chapter 3:  An Integrated Cyber/InfoSec Strategy

Demonstrates the links between various Cyber/InfoSec terms

·         Synchronized Defenses:

o   Information Systems & Connected Technologies

o   Security Culture

§  Roles

§  Responsibilities

·         Complimentary Defense Nodes

o   Data Security

o   Cyber Security

o   Information Security

o   Physical Security

o   Resilience

·         Knowing you enemies

o   Tactics, Techniques and Protocols (TTPs)

o   External Threat

o   Internal Threat

Chapter 4:  The Importance of Risk Management

Explains the integral importance of risk management for an effective Cyber/InfoSec Strategy

·         Risk Management

1.       Vulnerability Management

2.       Threat Management

3.       Business Impact Management

 

Chapter 5:  Compliance Versus Risk-The Differentiator

Chapter 6: The Evolution of PCI DSS

Provides an overview of the PCI DSS evolution

Chapter 7:  PCI DSS Applicability

Explains the purpose and benefits of PCI DSS

·         PCI DSS Overview

1.       Structure

2.       Scoping

 

Chapter 8:  An introduction to PCI DSS Controls Framework

Describes the structure and interdependencies of PCI DSS

·         Six Goals

1.       Fortress Design

2.       Secure Silos

3.       Secure Maintenance

4.       Gate Keeping

5.       Routine Assurance

6.       People & Process

·         12 Requirements

Requirement 12:  People Management

Requirement 1:  Layering The Network

Requirement 2:  Secure By Design/Default

Requirement 3:  The Vault

Requirement 4:  Secure In Motion

Requirement 5:  Entry Search

Requirement 6:  Build & Maintain

Requirement 7:  Role Based Restrictions

Requirement 8:  Logical Entry Control

Requirement 9:  Physical Entry Control

Requirement 10:  Detection

Requirement 11:  Assurance Testing

Chapter 9:  Payment Channel Attack Vectors

Provides an understanding of the potential avenues of attack, associated to a business' payment operations

·         Online

·         Face To Face

·         Telephone-Based

·         3^rd Parties

 

"Sinopsis" puede pertenecer a otra edición de este libro.