Download: Member US $35 | Non-Member US 60
Purchase in Book Format: Member US $35 | Non-Member US $60
Provide feedback on this document
Visit the PCI DSS Knowledge Center community
View News Release
Free Download: ICQ: Is Your PCI DSS Compliance Program Working Correctly? (Registration Required)
Free Download: PCI DSS and COBIT 5 Processes Mapping Table (Registration Required)
ICQ and Audit/Assurance Program for PCI DSS Compliance Program
A Practical Guide to the Payment Card Industry Data Security Standard (PCI DSS) explains the security requirements, processes and technologies that are required to implement the Payment Card Industry Data Security Standard (PCI DSS), which is a compliance requirement for all enterprises that process, store, transmit or access cardholder information for any of the major payment brands, such as American Express®, Discover®, JCB, MasterCard® and VISA® brands.
The guide provides a comprehensive overview of the PCI DSS and explains how to implement its demanding security requirements. The guide also contains a wealth of background information about payment cards and the nature of payment card fraud. The content in this guide goes beyond other sources of information about the PCI DSS by providing the following valued information::
- Concise summaries of PCI DSS requirements (published in the Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures, Version 3.1)
- Consolidated information from numerous PCI DSS publications
- Background advice on challenging requirements
- Techniques that are required to scope and implement the requirements
- PCI DSS requirements mapped to COBIT 5 processes and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001/2 controls
- Detailed explanation of how to design a professional audit/assurance plan
The guide has been written in plain language to enable non-technical directors, managers and staff in retail enterprises, financial organizations and IT service functions to easily find, understand and use the information.
The primary audience is operational stakeholders (security managers, IT managers, business managers and IT auditors) who are responsible for developing, implementing, operating, managing or reviewing the controls, technology and processes that are required to meet and formally comply with the PCI DSS. However, governance stakeholders (finance directors, C-suite executives and the board of directors) who are accountable for development of the governance framework that ensures that PCI DSS compliance is part of business as usual will find this guide very useful.