This book is your go-to reference on how to achieve PCI compliance. With more than 400 PCI requirements, the updated PCI Data Security Standard (PCI DSS) v4.0 does not detail the specific documentation that a PCI auditor—known as a Qualified Security Assessor (QSA)—needs to know. This book is the first reference to detail the specific documentation needed for every PCI requirement. The authors provide real-world examples of complying with the 12 main PCI requirements and clarify many of the gray areas within the PCI DSS. Any merchant or service provider that stores, processes, or transmits credit card data must comply with the PCI Data Security Standard. PCI DSS 1.0 was first published in 2004, yet many of those tasked with PCI compliance still encounter difficulties when trying to make sense of it. PCI DSS version 4 was published in March 2022, and at 360 pages, it has numerous additional requirements, leaving many people struggling to know what they need to do to comply.PCI DSS v4.0 has a transition period in which PCI DSS version 3.2.1 will remain active for two years from the v4.0 publication date. Although the transition period ends on March 31, 2024, and may seem far away, those tasked with PCI compliance will need every bit of the time to acquaint themselves with the many news updates, templates, forms, and more, that PCI v4.0 brings to their world. What You’ll Learn Know what it takes to be PCI compliant Understand and implement what is in the PCI DSS Get rid of cardholder data Everything you need to know about segmenting your cardholder data network Know what documentation is needed for your PCI compliance efforts Leverage real-world experience to assist PCI compliance work Who This Book Is For                                                  Compliance managers and those tasked with PCI compliance, information security managers, internal auditors, chief security officers, chief technology officers, and chief information officers. Readers should have a basic understanding of how credit card payment networks operate, in addition to basic security concepts. 

As a CISO, my job is to protect corporate information assets while ensuring security obligations are met for the business. My job is to ensure shareholders, investors, employees, our customers and their interests are protected. My job is to provide the appropriate level of security for data and data transactions in preventing, detecting and responding to breaches. Regulations have brought information security issues to the forefront expanding funding for technologies, staffing and training. More and more we see exposure of data and leakage of sensitive information. Do corporate boards and the C-Level management staff really understand what it takes to secure customer information? Are they more concerned with perceptions than resolving issues? Being a security professional is a formidable career choice. Security professionals do in fact live by a code of ethics, an ethos that demands we do what is right. To do it right you must take an oath of allegiance to your craft that is not welcome in the corporate world that ultimately employs you. The very credentials that make you marketable are, in the end, the very thing that can put you in the job market, again, and again. Taking ethical stands to live up to the code of the CISSP and the CISM takes courage, tenacity, thick skin and the willingness to walk away from an employer. What do you do when placed in a potentially compromising position? What do you do when ethical behavior, integrity, corporate due diligence and attorney client privilege collide in a cacophony of opinion and negligence? How do you survive when you find yourself in the absolute middle of this vortex? These are true stories of sex, threats of physical harm, impersonation, legal quandaries, embezzlement and lying. How do you keep your job and maintain personal and professional integrity? Should someone go to jail? Do you violate your own ethical canons to protect yourself? Are you wanted for conspiracy for trying to commit security?

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Securing corporate resources and data in the workplace is everyone's responsibility. Corporate IT security strategies are only as good as the employee's awareness of his or her role in maintaining that strategy. This book presents the risks, responsibilities, and liabilities (known and unknown) of which every employee should be aware, as well as simple protective steps to keep corporate data and systems secure. Inside this easy-to-follow guide, you'll find 20 lessons you can use to ensure that you are doing your part to protect corporate systems and privileged data. The topics covered include: Phishing and spyware Identity theft Workplace access Passwords Viruses and malware Remote access E-mail Web surfing and Internet use Instant messaging Personal firewalls and patches Hand-held devices Data backup Management of sensitive information Social engineering tactics Use of corporate resources Ben Rothke, CISSP, CISM, is a New York City-based senior security consultant with ThruPoint, Inc. He has more than 15 years of industry experience in the area of information systems security and privacy.