Implementing the demanding security requirements of the Payment Card Industry Data Security Standard (PCI DSS) is a concern not only for business managers and IT professionals, but also for non-technical directors, managers and staff. New guidance from global IT association ISACA simplifies the process, with a template implementation plan, example self-assessment and an audit/assurance program.
- Concise summaries of PCI DSS requirements
- Consolidated information from numerous PCI DSS publications
- Background advice on challenging requirements
- Techniques to scope and implement the requirements
- PCI DSS requirements mapped to COBIT 5 processes and ISO/IEC 270012 controls
- Risk scenarios
- Detailed explanation of how to design a professional audit/assurance plan
Payment card fraud is an ongoing but changing risk, impacting consumer, merchant and banking institutions, and generating substantial financial loss. PCI DSS is intended to undermine criminal activity through changes in payment card encryption, with corresponding updates in POS technology. A Practical Guide to PCI DSS provides explanation for the necessity of updated security standards along with methods of implementation.
“Though fraudsters will always be out there attempting to hack any and every security measure intended to protect financial stakeholders, PCI DSS helps significantly reduce the risks involved,” said David Lacey, the book’s author. “This guide assists with technical compliance, policy development and ensuring a compliance-aware culture.”
More than half a billion records with sensitive information have been compromised by data breaches, including incidents at notable retail establishments such as TJ Maxx, Target and Home Depot. The popularity of paying products and services via a payment card is only going to increase. ISACA’s reference guide is designed to help improve security, alignment with business strategy, efficiency, clarity and cost-savings.
A Practical Guide to PCI DSS is available at www.isaca.org/pci-dss.
ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial