Preface

Chapter 1. Introduction

Chapter 2. What it takes to be PCI compliant

Chapter 3. Getting rid of cardholder data

Chapter 4. Brief overview of PCI version 4

Chapter 5. Everything you need to know about segmenting your cardholder data network

Chapter 6. PCI requirement 1 - Install and Maintain Network Security Controls

Chapter 7. PCI requirement 2 - Apply Secure Configurations to All System Components

Chapter 8. PCI requirement 3 - Protect Stored Account Data

Chapter 9. PCI requirement 4 - Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks  

Chapter 10. PCI requirement 5 - Protect All Systems and Networks from Malicious Software

Chapter 11. PCI requirement 6 - Develop and Maintain Secure Systems and Software

Chapter 12. PCI requirement 7 - Restrict Access to System Components and Cardholder Data by Business Need to Know

Chapter 13. PCI requirement 8 - Identify Users and Authenticate Access to System Components

Chapter 14. PCI requirement 9 - Restrict Physical Access to Cardholder Data

Chapter 15. PCI requirement 10 - Log and Monitor All Access to System Components and Cardholder Data

Chapter 16. PCI requirement 11 - Test Security of Systems and Networks Regularly

Chapter 18. Closing thoughts

Arthur B. Cooper Jr. ("Coop") is Principal Security Consultant at TrustedSec. He has 44 years of experience in information technology with the last 17 years focused on the security of payment systems and architectures, ecommerce, payment application assessments, forensic investigations, compliance security assessments, development of secure network architectures, risk management programs, security governance initiatives, and regulatory compliance. Coop was a member of the US Air Force for most of his young adult life and had direct experience with the original ARPANET and ARPANET 1822 Protocols. He was directly involved with the original DoD X.25 networks, the Defense Data Network (DDN), and the Automatic Digital Information Network (AUTODIN). He was directly involved with the original BBN Packet Switch Node (PSN) systems and has witnessed every major information technology “leap” or development since that time.

Jeff Hall is Principal Security Consultant at Truvantis, Inc. He has over 30 years of technology and compliance project experience. Jeff has done a significant amount of work with financial institutions, and the health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation. He is part of the PCI Dream Team and is the writer of the PCI Guru blog, the definitive source for PCI DSS information.

David Mundhenk is Principal Security Consultant at the eDelta Consulting, as an information security, governance, risk, and compliance consultant with extensive multi-organizational experience providing a myriad of professional security services to business and government entities worldwide. He has worked as a computer and network system security professional for more than 30 years. David’s experience covers a broad spectrum of security disciplines, including security compliance assessments, security product quality assurance, vulnerability scanning, penetration testing, application security assessments, network and host intrusion detection/prevention, disaster and recovery planning, protocol analysis, formal security training instruction, and social engineering. He has successfully completed 200+ PCI DSS assessments and scores of PADSS assessments. Certifications include CISSP, CISA, QSA, PCIP.

Ben Rothke, CISSP, CISM, CISA is a New York city-based Senior Information Security Manager with Tapad and has over 20 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography, and security policy development. Ben is the author of the book Computer Security - 20 Things Every Employee Should Know, and writes security and privacy book reviews for the RSA Conference blog and Security Management. He is a frequent speaker at industry conferences, such as RSA and MISTI, is a member of ASIS, and InfraGard, and holds many security certifications, besides being an ISO 27001 lead auditor.