PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

Posted by Ben Rothke

This review of PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance originally appeared in the October 2010 issue of Security Management magazine. 

Six years ago, the Payment Card Industry Security Standards Council created the Payment Card Industry Data Security Standard (PCI DSS, or PCI for short) in an effort to have card data better protected by card processors. Some high-profile data breaches led to the move. The standard offers strong security practices that the council hopes will be widely adopted, though implementation is not mandatory.

For companies wanting to adopt the protocols, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a good place to start. It provides a solid overview of what the PCI standard is and why it is so important. The book covers each of the 12 main PCI standard requirements and details the specifics needed to achieve compliance. The material is quite technical in nature and primarily meant for individuals who will be involved in actual PCI work. 

Each chapter provides a comprehensive overview of a specific PCI requirement, plus highly detailed and technical guidance, followed by a case study that makes the topic concrete. The authors provide real-world advice regarding dos and don’ts. The book also looks at the business and people side of PCI compliance.

Overall, PCI Compliance is a valuable book for one of the most sensible security standards ever put forth. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find it quite valuable.

Ben Rothke

Senior Information Security Manager, Tapad
