James (Jim) Seaman has been dedicated to the pursuit of security for his entire adult life. He served 22 years in the RAF Police, covering a number of specialist areas including physical security, aviation security, information security management, IT security management, cybersecurity management, security investigations, intelligence operations, and incident response and disaster recovery. He has successfully transitioned his skills to the corporate environment and now works in areas such as financial services, banking, retail, manufacturing, e-commerce, and marketing. He helps businesses enhance their cybersecurity and InfoSec defensive measures and work with various industry security standards.

Demystifies PCI DSS so you can develop an effective cybersecurity and information security (InfoSec) strategy for the protection of payment card data

Shows you how to implement an integrated defensive model that can be applied against the PCI DSS controls framework

Provides you with new insight into PCI DSS so you know how it applies to specific businesses, and how to implement and manage your compliance obligations

Chapter 1: An Evolving Regulatory Perspective

Overview of the changes that have occurred in regard to personal data regulatory compliance and the implication for PCI DSS.

· Data Privacy and PCI DSS

Chapter 2: Data the 'Life Blood' of Business

Understand the true value of data to modern digital business

Chapter 3: An Integrated Cyber/InfoSec Strategy

Demonstrates the links between various Cyber/InfoSec terms

o Information Systems & Connected Technologies

o Security Culture

§ Roles

§ Responsibilities

· Complimentary Defense Nodes

o Data Security

o Cyber Security

o Information Security

o Physical Security

o Resilience

· Knowing you enemies

o Tactics, Techniques and Protocols (TTPs)

o External Threat

o Internal Threat

Chapter 4: The Importance of Risk Management

Explains the integral importance of risk management for an effective Cyber/InfoSec Strategy

· Risk Management

1. Vulnerability Management

2. Threat Management

3. Business Impact Management

Chapter 5: Compliance Versus Risk-The Differentiator

Chapter 6: The Evolution of PCI DSS

Provides an overview of the PCI DSS evolution

Chapter 7: PCI DSS Applicability

Explains the purpose and benefits of PCI DSS

· PCI DSS Overview

1. Structure

2. Scoping

Chapter 8: An introduction to PCI DSS Controls Framework

Describes the structure and interdependencies of PCI DSS

· Six Goals

1. Fortress Design

2. Secure Silos

3. Secure Maintenance

4. Gate Keeping

5. Routine Assurance

6. People & Process

· 12 Requirements

Requirement 12: People Management

Requirement 1: Layering The Network

Requirement 2: Secure By Design/Default

Requirement 3: The Vault

Requirement 4: Secure In Motion

Requirement 5: Entry Search

Requirement 6: Build & Maintain

Requirement 7: Role Based Restrictions

Requirement 8: Logical Entry Control

Requirement 9: Physical Entry Control

Requirement 10: Detection

Requirement 11: Assurance Testing

Chapter 9: Payment Channel Attack Vectors

Provides an understanding of the potential avenues of attack, associated to a business' payment operations

· Online

· Face To Face

· Telephone-Based

· 3rd Parties

Chapter 10: Compliance-A Team Effort

Recommendations for making PCI DSS an integral component of business operations

· In house

· Outsourced

· Shared

Chapter 11: PIE FARM-A Project Managed Approach

Provides insight into a project managed approach to simplify Cyber/InfoSec strategies

Chapter 12: Proactive Defense

Provides insight into the five pillars for Proactive Defense

Chapter 13: People, People, People

Describes the benefits of enhancing the security culture.

Chapter 14: The Ripple Effect

Provides a description on why the implementation of PCI DSS causes a positive 'Ripple Effect' across business.

Chapter 15: Quick Fire Round-Your Starter For 10

The author's response to commonly asked questions

Appendices

· Useful Resources