Book Offers Merchants a Practical Guide to PCI DSS Compliance


<p><strong>Ely, England &mdash; April 10</strong><br />Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a priority issue for all merchants accepting credit and debit cards. To help project managers, executives and security officers tasked with delivering compliance, IT Governance has launched <em>PCI DSS: A Practical Guide to Implementation</em>, which offers focused advice on how to build and maintain a sustainable PCI DSS compliance program.<br /> <br />The PCI DSS must be met by all merchants that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions and significant brand damage.<br /> <br />The standard requires merchants and member service providers to adopt a number of specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data and maintaining a vulnerability management program and information security policy. </p><p>As described on the IT Governance Web site, the standard&rsquo;s compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually. <br /> <br /><em>PCI DSS: A Practical Guide to Implementation </em>is intended as a complementary resource for those responsible for PCI DSS compliance, helping the reader to interpret and utilize other publicly available information about the standard. Over 184 pages, it provides a helpful nine-step program for creating a compliance regime and discusses the relationship of PCI DSS to ISO27001, the international best practice standard for information security management. </p><p>Topics addressed include project initiation, gap analysis, auditing, and maintaining and demonstrating compliance. 
Also provided in the appendices are a project checklist, project plan and details of recommended further reading.<br /> <br /><em>PCI DSS: A Practical Guide to Implementation </em>is written by Steve Wright, a consultant and lecturer with extensive experience in the design and implementation of security architecture and information security governance frameworks, including PCI DSS. Wright has successfully executed information security projects for several U.K. government agencies and has completed many consulting engagements for global corporations in sectors including business process outsourcing, manufacturing, telecom, IT and health care. He manages a successful security management practice and is active as a lecturer and trainer on information risk management and many British Computer Society ISEB courses.<br /> <br />Alan Calder, chief executive of IT Governance, commented, &ldquo;Building a PCI DSS program from scratch can be a daunting task. This new book helps those with direct responsibility to accelerate their learning and chart the most direct course to sustainable compliance.&rdquo; <br /> <br /><em>PCI DSS: A Practical Guide to Implementation</em> is available in hard copy (ISBN 978-1-905356-45-4) or e-book format (ISBN 978-1-905356-46-1). <br /></p>
