This review of PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance originally appeared in the October 2010 issue of Security Management magazine.
Six years ago, the Payment Card Industry Security Standards Council created the Payment Card Industry Data Security Standard (PCI DSS, or PCI for short) in an effort to have card data better protected by card processors. Some high profile data breaches led to the move. The standard offers strong security practices that the council hopes will be widely adopted, though implementation is not mandatory.
For companies wanting to adopt the protocols, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a good place to start. It provides a solid overview of what the PCI standard is and why it is so important. The book covers each of the 12 main PCI standard requirements and details the specifics needed to achieve compliance. The material is quite technical in nature and primarily meant for individuals who will be involved in actual PCI work.
Each chapter provides a comprehensive overview of a specific PCI requirement, plus highly detailed and technical guidance, followed by a case study to concretize the topic. The authors provide real-world advice regarding dos and don’ts. The book also looks at the business and people side of PCI compliance.
Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable.