PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is now out in its 3rd edition. My review of the 2nd edition is here.
While much of PCI has stayed the same in the two years since the 2nd edition came out, the PCI DSS standard itself has moved from version 1.2 to 2.0.
Like the other editions of the book, it provides a comprehensive and clear explanation of the 12 core PCI requirements, with an emphasis on the updates in v2.0.
Rather than simply rehash the details of the PCI DSS, the authors bring their real-world experience to the book, and much of the benefit can be gleaned from their practical scenarios and advice for compliance. Numerous case studies take the abstract concepts and make them more understandable.
The 3rd edition also provides advice on how to manage a PCI assessment project, dealing with QSAs, compensating controls, and emerging technology and alternate payment schemes.
The book concludes with a chapter on 8 myths and misconceptions of PCI DSS. Of particular interest are myth #5, "PCI is all we need for security," and myth #6, "PCI DSS is really easy."
For those looking to get an understanding of what they need to do in order to become PCI compliant, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is certainly a great reference to use.