Contents – PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition

CONTENTS

BACKGROUND

What is PCI?

Why PCI?

How does PCI compliance work?

Getting started with PCI

A prioritised approach to compliance

The approach of this book

CHAPTER 1: STEP 1 – ESTABLISHING THE PCI PROJECT

What is the project initiation workshop objective?

What are the workshop deliverables?

CHAPTER 2: STEP 2 – DETERMINE THE SCOPE

Scoping the PCI target environment

The approach used to determine the exact scope

CHAPTER 3: STEP 3 – REVIEW THE INFORMATION SECURITY POLICY

CHAPTER 4: STEP 4 – CONDUCT GAP ANALYSIS

Gap analysis objectives

Gap analysis approach

PCI gap analysis reporting and security improvement plan

CHAPTER 5: STEP 5 – CONDUCT RISK ANALYSIS

The goal of the risk management process

The benefits of risk management

The elements of the risk management process

CHAPTER 6: STEP 6 – ESTABLISH THE BASELINE

Build and maintain a secure network

Protect cardholder data

Maintain a vulnerability management programme

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy

CHAPTER 7: STEP 7 – AUDITING

Initiation of the audit (objectives and scope)

Auditor preparation

Conduct the audit

Report the findings

Agree follow-up action and clearance of any findings

CHAPTER 8: STEP 8 – REMEDIATION PLANNING

CHAPTER 9: STEP 9 – MAINTAINING AND DEMONSTRATING COMPLIANCE

Validation requirements

How to meet these requirements

Using log management information for PCI compliance

Regular monitoring and testing

Arriving where you want to be: PCI compliant

Demonstrating compliance – ROC

CHAPTER 10: PCI DSS AND ISO27001

PCI and ISO27001 – the comparisons

APPENDIX 1 – PROJECT CHECKLIST

APPENDIX 2 – PCI DSS PROJECT PLAN

APPENDIX 3 – BIBLIOGRAPHY AND SOURCES

APPENDIX 4 – FURTHER USEFUL INFORMATION

APPENDIX 5 – PCI DSS MAPPING TO ISO27001

ITG Resources