Chapter 1:  An Evolving Regulatory Perspective

Overview of the changes that have occurred in regard to personal data regulatory compliance and the implication for PCI DSS.

·         Data Privacy and PCI DSS

Chapter 2:  Data the ‘Life Blood’ of Business

Understand the true value of data to modern digital business

Chapter 3:  An Integrated Cyber/InfoSec Strategy

Demonstrates the links between various Cyber/InfoSec terms

o   Information Systems & Connected Technologies

o   Security Culture

§  Roles

§  Responsibilities

·         Complimentary Defense Nodes

o   Data Security

o   Cyber Security

o   Information Security

o   Physical Security

o   Resilience

·         Knowing you enemies

o   Tactics, Techniques and Protocols (TTPs)

o   External Threat

o   Internal Threat

Chapter 4:  The Importance of Risk Management

Explains the integral importance of risk management for an effective Cyber/InfoSec Strategy

·         Risk Management

1.       Vulnerability Management

2.       Threat Management

3.       Business Impact Management

Chapter 5:  Compliance Versus Risk—The Differentiator

Chapter 6: The Evolution of PCI DSS

Provides an overview of the PCI DSS evolution

Chapter 7:  PCI DSS Applicability

Explains the purpose and benefits of PCI DSS

·         PCI DSS Overview

1.       Structure

2.       Scoping

Chapter 8:  An introduction to PCI DSS Controls Framework

Describes the structure and interdependencies of PCI DSS

·         Six Goals

1.       Fortress Design

2.       Secure Silos

3.       Secure Maintenance

4.       Gate Keeping

5.       Routine Assurance

6.       People & Process

·         12 Requirements

Requirement 12:  People Management

Requirement 1:  Layering The Network

Requirement 2:  Secure By Design/Default

Requirement 3:  The Vault

Requirement 4:  Secure In Motion

Requirement 5:  Entry Search

Requirement 6:  Build & Maintain

Requirement 7:  Role Based Restrictions

Requirement 8:  Logical Entry Control

Requirement 9:  Physical Entry Control

Requirement 10:  Detection

Requirement 11:  Assurance Testing

Chapter 9:  Payment Channel Attack Vectors

Provides an understanding of the potential avenues of attack, associated to a business’ payment operations

·         Online

·         Face To Face

·         Telephone-Based

·         3^rd Parties

Chapter 10:  Compliance—A Team Effort

Recommendations for making PCI DSS an integral component of business operations

·         In house

·         Outsourced

·         Shared

Chapter 11:  PIE FARM—A Project Managed Approach

Provides insight into a project managed approach to simplify Cyber/InfoSec strategies

Chapter 12:  Proactive Defense

Provides insight into the five pillars for Proactive Defense

Chapter 13:  People, People, People

Describes the benefits of enhancing the security culture.

Chapter 14:  The Ripple Effect 

Provides a description on why the implementation of PCI DSS causes a positive ‘Ripple Effect’ across business.

Chapter 15: Quick Fire Round—Your Starter For 10

The author’s response to commonly asked questions

Appendices

·         Useful Resources

James (Jim) Seaman has been dedicated to the pursuit of security for his entire adult life. He served 22 years in the RAF Police, covering a number of specialist areas including physical security, aviation security, information security management, IT security management, cybersecurity management, security investigations, intelligence operations, and incident response and disaster recovery. He has successfully transitioned his skills to the corporate environment and now works in areas such as financial services, banking, retail, manufacturing, e-commerce, and marketing. He helps businesses enhance their cybersecurity and InfoSec defensive measures and work with various industry security standards.

Gain a broad understanding of how PCI DSS is structured and obtain a high-level view of the contents and context of each of the 12 top-level requirements. The guidance provided in this book will help you effectively apply PCI DSS in your business environments, enhance your payment card defensive posture, and reduce the opportunities for criminals to compromise your network or steal sensitive data assets. 

Businesses are seeing an increased volume of data breaches, where an opportunist attacker from outside the business or a disaffected employee successfully exploits poor company practices. Rather than being a regurgitation of the PCI DSS controls, this book aims to help you balance the needs of running your business with the value of implementing PCI DSS for the protection of consumer payment card data.

Applying lessons learned from history, military experiences (including multiple deployments into hostile areas), numerous PCI QSA assignments, and corporate cybersecurity and InfoSec roles, author Jim Seaman helps you understand the complexities of the payment card industry data security standard as you protect cardholder data. You will learn how to align the standard with your business IT systems or operations that store, process, and/or transmit sensitive data. This book will help you develop a business cybersecurity and InfoSec strategy through the correct interpretation, implementation, and maintenance of PCI DSS.

You will:

• Be aware of recent data privacy regulatory changes and the release of PCI DSS v4.0
• Improve the defense of consumer payment card data to safeguard the reputation of your business and make it more difficult for criminals to breach security
• Be familiar with the goals and requirements related to the structure and interdependencies of PCI DSS
• Know the potential avenues of attack associated with business payment operations
• Make PCI DSS an integral component of your business operations
• Understand the benefits of enhancing your security culture
• See how the implementation of PCI DSS causes a positive ripple effect across your business