PCI compliance: implementing effective PCI data security standards
Saved in:
Format: | Book |
---|---|
Language: | English |
Published: | Burlington, Mass. Syngress 2007 |
Subjects: | |
Online access: | Publisher description Table of contents |
Description: | Includes index. |
Description: | xxii, 329 p. ill. 24 cm |
ISBN: | 1597491659 9781597491655 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV023092147 | ||
003 | DE-604 | ||
005 | 20140217 | ||
007 | t | ||
008 | 080122s2007 xxua||| |||| 00||| eng d | ||
010 | |a 2007298374 | ||
020 | |a 1597491659 |c pbk. |9 1-59749-165-9 | ||
020 | |a 9781597491655 |9 978-1-59749-165-5 | ||
035 | |a (OCoLC)144227882 | ||
035 | |a (DE-599)BVBBV023092147 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxu |c US | ||
049 | |a DE-11 | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 005.80218 | |
084 | |a ST 185 |0 (DE-625)143606: |2 rvk | ||
245 | 1 | 0 | |a PCI compliance |b implementing effective PCI data security standards |c Tony Bradley, technical ed. ... |
264 | 1 | |a Burlington, Mass. |b Syngress |c 2007 | |
300 | |a xxii, 329 p. |b ill. |c 24 cm | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
500 | |a Includes index. | ||
650 | 4 | |a Cartes de crédit | |
650 | 4 | |a Protection de l'information (Informatique) - Normes | |
650 | 4 | |a Réseaux d'ordinateurs - Sécurité - Mesures | |
650 | 4 | |a Data protection |x Standards | |
650 | 4 | |a Computer networks |x Security measures | |
650 | 4 | |a Credit cards | |
650 | 4 | |a Liability for credit information | |
650 | 0 | 7 | |a Chipkarte |0 (DE-588)4147723-6 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Datensicherung |0 (DE-588)4011144-1 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Chipkarte |0 (DE-588)4147723-6 |D s |
689 | 0 | 1 | |a Datensicherung |0 (DE-588)4011144-1 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Bradley, Tony |e Sonstige |4 oth | |
856 | 4 | |u http://www.loc.gov/catdir/enhancements/fy0738/2007298374-d.html |3 Publisher description | |
856 | 4 | 2 | |m Digitalisierung UB Regensburg |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016295000&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-016295000 |
Record in search index
_version_ | 1804137345585250304 |
---|---|
adam_text |
Contents
Chapter 1 About PCI and This Book ... 1
Introduction ... 2
Who Should Read This Book? ... 2
Organization of the Book ... 3
Solutions In This Chapter ... 3
Summary ... 3
Solutions Fast Track ... 3
Frequently Asked Questions ... 4
Chapter Descriptions ... 4
Chapter 2 Introduction to Fraud, ID Theft, and Regulatory Mandates ... 7
Chapter 3 Why PCI Is Important ... 11
Introduction ... 12
What is PCI? ... 12
Who Must Comply With the PCI? ... 12
Dates to Remember ... 16
Compliance Process ... 17
Roots of PCI ... 20
More about PCI Co ... 21
Approved Assessor and Scanner Companies ... 22
Qualified Security Assessors ... 23
Overview of PCI Requirements ... 23
Risks and Consequences ... 26
Benefits of Compliance ... 28
Summary ... 29
Solutions Fast Track ... 29
Frequently Asked Questions ... 31
Chapter 4 Building & Maintaining a Secure Network ... 33
Introduction ... 34
Installing and Maintaining a Firewall Configuration ... 35
Firewall Overview ... 35
Packet-filtering Firewalls ... 35
Proxy Firewalls ... 36
Stateful Inspection Firewalls ... 38
Firewall Architectures ... 39
Dual-Homed Host ... 39
Screened Host ... 40
Screened Subnet ... 41
Dual Firewall Configuration ... 42
PCI DSS Requirements ... 43
Establish Firewall Configuration Standards ... 43
Build Secure Firewall Configurations ... 45
Choosing an Intrusion Detection or Intrusion Prevention System ... 48
Intrusion Detection Systems ... 49
Intrusion Prevention Systems ... 52
Antivirus Solutions ... 53
Gateway Protection ... 53
Desktop and Server Protection ... 53
System Defaults and Other Security Parameters ... 54
Default Passwords ... 55
SNMP Defaults ... 56
Delete Unnecessary Accounts ... 56
Wireless Considerations ... 57
Develop Configuration Standards ... 58
Implement Single Purpose Servers ... 59
Configure System Security Parameters ... 59
Disable and Remove Unnecessary Services, Protocols and Functionality ... 60
Encrypt Non-console Administrative Access ... 60
Hosting Providers Must Protect Hosted Environment ... 61
Summary ... 62
Solutions Fast Track ... 63
Frequently Asked Questions ... 65
Chapter 5 Protect Cardholder Data ... 67
Protecting Cardholder Data ... 68
The CIA Triad ... 68
PCI Requirement 3: Protect Stored Cardholder Data ... 69
Encryption Methods for Data at Rest ... 69
File- or Folder-level Encryption ... 70
Full Disk Encryption ... 71
Implications ... 72
Database (Column-level) Encryption ... 73
Overview ... 75
Other Encryption Method Considerations ... 75
PCI Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks ... 76
Requirement 4.1: Cryptography and Protocols ... 76
SSL/TLS ... 77
Securing Wireless Networks Transmitting Cardholder Data ... 78
Defining WiFi ... 79
Using Compensating Controls ... 80
Compensating Controls for Requirement 3.4 ... 81
Provide Additional Segmentation/Abstraction (e.g., at the Network Layer) ... 82
Provide Ability to Restrict Access to Cardholder Data or Databases ... 82
Restrict Logical Access to the Database ... 83
Prevent/Detect Common Application or Database Attacks ... 84
Overview ... 84
Mapping Out a Strategy ... 85
Step 1: Identify and Classify Information ... 85
Step 2: Identify Where the Sensitive Data is Located ... 86
Step 3: Determine Who and What Needs Access ... 86
Step 4: Develop Policies Based On What You Have Identified ... 86
The Absolute Essentials ... 87
Keep Cardholder Storage to a Minimum ... 87
Do Not Store Sensitive Authentication Data Subsequent to Authorization ... 87
Mask the PAN When Displayed ... 87
Render PAN (at Minimum) Unreadable Anywhere it is Stored ... 88
Protect Encryption Keys Used for Encryption of Cardholder Data Against Both Disclosure and Misuse ... 88
Summary
Solutions Fast Track
Frequently Asked Questions ... 91
Chapter 6 Logging Access & Events Chapter ... 93
Introduction to Logging ... 94
Tools and Traps ... 96
PCI Relevance of Logs ... 97
Logging in PCI Requirement 10 ... 98
Are You Owned ... 101
Logging in PCI - All Other Requirements ... 104
Tools for Logging in PCI
Alerts: Used For Real-time Monitoring of In-scope Servers
Reports: Used for Daily Review of Pre-analyzed Data
Case Studies ... 119
Summary ... 122
Solutions Fast Track ... 122
Frequently Asked Questions ... 123
Chapter 7 Strong Access Control ... 125
Introduction ... 126
Principles of Access Control ... 126
Integrity ... 126
Confidentiality ... 127
Availability ... 127
How Much Access Should a User Have ... 127
Authentication and Authorization ... 128
Authentication ... 128
Multi-factor Authentication ... 129
Passwords ... 129
PCI Compliant Passwords ... 131
Educating Users ... 131
Authorization ... 133
PCI and Access Control ... 134
Processes for PCI Compliance ... 135
Configuring Systems to Enforce PCI Compliance ... 138
Windows and PCI Compliance ... 140
Windows File Access Control ... 140
Creating a New Group Policy Object ... 142
Enforcing a PCI Compliant Password Policy in Windows Active Directory ... 142
Configuring Account Lockout in Active Directory ... 144
Setting Session Timeout and Password-protected Screen Savers in Active Directory ... 145
Setting File Permissions Using GPOs ... 147
Finding Inactive Accounts in Active Directory ... 149
Enforcing Password Requirements in Windows on Standalone Computers ... 150
Enabling Password Protected Screen Savers on Standalone Windows Computers ... 152
Setting File Permissions on Standalone Windows Computers ... 153
POSIX (UNIX/Linux-like Systems) Access Control ... 154
Linux Enforce Password Complexity Requirements ... 156
Cisco and PCI Requirements ... 156
CISCO Enforce Session Timeout ... 157
Encrypt Cisco Passwords ... 157
Database Access and PCI Requirements ... 157
Physical Security ... 157
Visitors ... 158
Physical Security and Media ... 159
Summary ... 161
Solutions Fast Track ... 161
Frequently Asked Questions ... 162
Chapter 8 Vulnerability Management ... 165
Introduction ... 166
Vulnerability Management in PCI ... 167
Requirement 5 Walkthrough ... 171
Requirement 6 Walkthrough ... 172
Requirement 11 Walkthrough ... 176
Common PCI Vulnerability Management Mistakes ... 179
Case Studies ... 180
PCI at a Retail Chain ... 180
PCI at an E-commerce Site ... 182
Summary ... 183
Solutions Fast Track ... 183
Frequently Asked Questions ... 184
Chapter 9 Monitoring and Testing ... 185
Introduction ... 186
Monitoring Your PCI DSS Environment ... 186
Establishing Your Monitoring Infrastructure ... 187
Time ... 187
Identity Management ... 189
Event Management Storage ... 190
Determining What You Need to Monitor ... 192
Applications Services ... 192
Infrastructure Components ... 193
Determining How You Need to Monitor ... 195
Deciding Which Tools Will Help You Best ... 197
Auditing Network and Data Access ... 198
Searching Your Logs ... 198
Testing Your Monitoring Systems and Processes ... 199
Network Access Testing ... 199
Penetration Testing ... 199
Intrusion Detection and Prevention ... 200
Intrusion Detection ... 200
Intrusion Prevention ... 200
Integrity Monitoring ... 201
What are You Monitoring? ... 201
Solutions Fast Track ... 202
Frequently Asked Questions ... 203
Chapter 10 How to Plan a Project to Meet Compliance ... 205
Introduction ... 206
Justifying a Business Case for Compliance ... 206
Figuring Out If You Need to Comply ... 207
Compliance Overlap ... 207
The Level of Compliance ... 209
What is the Cost for Non-compliance? ... 210
Penalties for Non-compliance ... 210
Bringing All the Players to the Table ... 211
Obtaining Corporate Sponsorship ... 211
Forming Your Compliance Team ... 212
Roles and Responsibilities of Your Team ... 212
Getting Results Fast ... 213
Helping to Budget Time and Resources ... 214
Setting Expectations ... 214
Management's Expectations ... 215
Establishing Goals and Milestones ... 215
Having Status Meetings ... 217
How to Inform/Train Staff on Issues ... 217
Training Your Compliance Team ... 217
Training the Company on Compliance ... 218
Setting Up the Corporate Compliance Training Program ... 218
Where to Start: The First Steps ... 220
The Steps ... 220
Step 1: Obtain Corporate Sponsorship ... 220
Step 2: Identify and Establish Your Team ... 221
Step 3: Determine your PCI Merchant Level ... 221
Step 4: Complete the PCI DSS Self-assessment Questionnaire ... 222
Step 5: Get an External Network Scan from an Approved Scanning Vendor ... 222
Step 6: Get Validation from a Qualified Security Assessor ... 223
Step 7: Perform a Gap Analysis ... 223
Step 8: Create PCI DSS Compliance Plan ... 224
Step 9: Prepare for Annual Audit of Compliance Validation ... 224
Summary ... 226
Solutions Fast Track ... 227
Frequently Asked Questions ... 229
Chapter 11 Responsibilities ... 233
Introduction ... 234
Whose Responsibility Is It? ... 234
CEO ... 235
CISO ... 235
CIO ... 239
Security and System Administrators ... 239
Additional Resources ... 239
Incident Response ... 240
Incident Response Team ... 241
Incident Response Plan ... 241
Forensics ... 242
Notification ... 244
Liabilities ... 245
Business Continuity ... 246
Summary ... 247
Frequently Asked Questions ... 251
Chapter 12 Planning to Fail Your First Audit ... 255
Introduction ... 256
Remember, Auditors Are There to Help You ... 256
Dealing With Auditor's Mistakes ... 258
Planning for Remediation ... 260
Planning For Your Retest ... 267
Summary ... 268
Solutions Fast Track ... 268
Frequently Asked Questions ... 269
Chapter 13 You're Compliant, Now What ... 271
Introduction ... 272
Security is a PROCESS, Not an Event ... 272
Plan for Periodic Review and Training, Don't Stop Now! ... 273
PCI Self-Audit ... 275
Requirement 1 ... 276
1.1 Policy Checks ... 276
1.2 Policy Checks ... 277
1.2 Hands-on Assessments ... 277
1.3 Policy Checks ... 278
1.3 Hands-on Assessments ... 279
1.4 Policy Check ... 279
1.4 Hands-on Assessment ... 279
1.5 Policy Check ... 280
1.5 Hands-on Assessment ... 280
Requirement 2 ... 280
2.1 Policy Checks ... 280
2.1 Hands-on Assessment ... 280
2.2 Policy Checks ... 281
2.2 Hands-on Assessments ... 281
2.3 Policy Checks ... 282
2.3 Hands-on Assessments ... 282
2.4 Policy Checks ... 282
2.4 Hands-on Assessments ... 282
Requirement 3 ... 283
3.1 Policy Checks ... 283
3.1 Hands-on Assessments ... 283
3.2 Policy Checks ... 284
3.2 Hands-on Assessments ... 284
3.3 Policy Checks ... 288
3.3 Hands-on Assessments ... 288
3.4 Policy Checks ... 288
3.4 Hands-on Assessments ... 288
3.5 Policy Checks ... 289
3.5 Hands-on Assessments ... 289
3.6 Policy Checks ... 289
3.6 Hands-on Assessments ... 290
Requirement 4 ... 290
4.1 Policy Checks ... 290
4.1 Hands-on Assessments ... 291
4.2 Policy Checks ... 292
4.2 Hands-on Assessments ... 292
Requirement 5 ... 292
5.1 Policy Checks ... 292
5.1 Hands-on Assessments ... 292
5.2 Policy Checks ... 292
5.2 Hands-on Assessments ... 292
Requirement 6 ... 293
6.1 Policy Checks ... 293
6.1 Hands-on Assessment ... 293
6.2 Policy Checks ... 293
6.2 Hands-on Assessment ... 293
6.3 Policy Checks ... 293
6.3 Hands-on Assessment ... 294
6.4 Policy Checks ... 295
6.4 Hands-on Assessment ... 295
6.5 Policy Checks ... 295
6.5 Hands-on Assessment ... 296
6.6 Policy Checks ... 296
6.6 Hands-on Assessment ... 296
Requirement 7 ... 296
7.1 Policy Checks ... 296
7.1 Hands-on Assessment ... 296
7.2 Policy Checks ... 297
7.2 Hands-on Assessment ... 297
Requirement 8 ... 297
8.1 Policy Checks ... 297
8.1 Hands-on Assessment ... 297
8.2 Policy Checks ... 298
8.2 Hands-on Assessment ... 298
8.3 Policy Checks ... 298
8.3 Hands-on Assessment ... 298
8.4 Policy Checks ... 298
8.4 Hands-on Assessment ... 298
8.5 Policy Checks ... 299
8.5 Hands-on Assessment ... 300
Requirement 9 ... 301
9.1 Policy Checks ... 301
9.1 Hands-on Assessment ... 301
9.2 Policy Checks ... 302
9.2 Hands-on Assessment ... 302
9.3 Policy Checks ... 302
9.3 Hands-on Assessment ... 302
9.4 Policy Checks ... 302
9.4 Hands-on Assessment ... 303
9.5 Policy Checks ... 303
9.5 Hands-on Assessment ... 303
9.6 Policy Checks ... 303
9.6 Hands-on Assessment ... 303
9.7 Policy Checks ... 303
9.7 Hands-on Assessment ... 303
9.8 Policy Checks ... 304
9.8 Hands-on Assessment ... 304
9.9 Policy Checks ... 304
9.9 Hands-on Assessment ... 304
9.10 Policy Checks ... 304
9.10 Hands-on Assessment ... 304
Requirement 10 ... 305
10.1 Policy Checks ... 305
10.1 Hands-on Assessment ... 305
10.2 Policy Checks ... 305
10.2 Hands-on Assessment ... 305
10.3 Policy Checks ... 305
10.3 Hands-on Assessment ... 306
10.4 Policy Checks ... 306
10.4 Hands-on Assessment ... 306
10.5 Policy Checks ... 306
10.5 Hands-on Assessment ... 307
10.6 Policy Checks ... 307
10.6 Hands-on Assessment ... 307
10.7 Policy Checks ... 307
10.7 Hands-on Assessment ... 307
Requirement 11 ... 307
11.1 Policy Checks ... 308
11.1 Hands-on Assessment ... 308
11.2 Policy Checks ... 308
11.2 Hands-on Assessment ... 308
11.3 Policy Checks ... 309
11.3 Hands-on Assessment ... 309
11.4 Policy Checks ... 309
11.4 Hands-on Assessment ... 309
11.5 Policy Checks ... 309
11.5 Hands-on Assessment ... 309
Requirement 12 ... 310
12.1 Policy Checks ... 310
12.1 Hands-on Assessment ... 310
12.2 Policy Checks ... 310
12.2 Hands-on Assessment ... 310
12.3 Policy Checks ... 310
12.3 Hands-on Assessment ... 311
12.4 Policy Checks ... 312
12.4 Hands-on Assessment ... 312
12.5 Policy Checks ... 312
12.5 Hands-on Assessment ... 312
12.6 Policy Checks ... 312
12.6 Hands-on Assessment ... 312
12.7 Policy Checks ... 313
12.7 Hands-on Assessment ... 313
12.8 Policy Checks ... 313
12.8 Hands-on Assessment ... 313
12.9 Policy Checks ... 313
12.9 Hands-on Assessment ... 313
12.10 Policy Checks ... 314
12.10 Hands-on Assessment ... 314
Summary ... 315
Solutions Fast Track ... 315
Frequently Asked Questions ... 316
Index ... 317
|
adam_txt |
Contents
Chapter
1
About PCI and This Book
.1
Introduction
.2
Who Should Read This Book?
.2
Organization of the Book
.3
Solutions In This Chapter
.3
Summary
.3
Solutions Fast Track
.3
Frequently Asked Questions
.4
Chapter Descriptions
.4
Chapter
2
Introduction to Fraud, ID
Theft, and Regulatory Mandates
.7
Chapter
3
Why PCI Is Important
.11
Introduction
.12
What is PCI?
.12
Who Must Comply With the PCI?
.12
Dates to Remember
.16
Compliance Process
.17
Roots of PCI
.20
More about PCI Co
.21
Approved Assessor and Scanner Companies
.22
Qualified Security Assessors
.23
Overview of PCI Requirements
.23
Risks and Consequences
.26
Benefits of Compliance
.28
Summary
.29
Solutions Fast Track
.29
Frequently Asked Questions
.31
Chapter
4
Building
&
Maintaining a Secure Network
. 33
Introduction
.34
Installing and Maintaining a Firewall Configuration
.35
Firewall Overview
.35
Packet-filtering Firewalls
.35
Proxy Firewalls
.36
xi
xii
Contents
Stateful Inspection Firewalls
.38
Firewall Architectures
.39
Dual-Homed Host.
39
Screened Host
.40
Screened Subnet
.41
Dual Firewall Configuration
.42
PCI DSS Requirements
.43
Establish Firewall Configuration Standards
.43
Build Secure Firewall Configurations
.45
Choosing an Intrusion Detection
or Intrusion Prevention System
.48
Intrusion Detection Systems
.49
Intrusion Prevention Systems
.52
Antivirus
Solutions
.53
Gateway Protection
.53
Desktop and Server Protection
.53
System Defaults and Other Security Parameters
.54
Default Passwords
.55
SNMP
Defaults
.56
Delete Unnecessary Accounts
.56
Wireless Considerations
.57
Develop Configuration Standards
.58
Implement Single Purpose Servers
.59
Configure System Security Parameters
.59
Disable and Remove Unnecessary
Services, Protocols and Functionality
.60
Encrypt Non-console Administrative Access
.60
Hosting Providers Must Protect Hosted Environment
61
Summary
.62
Solutions Fast Track
.63
Frequently Asked Questions
.65
Chapter
5
Protect Cardholder Data
.67
Protecting Cardholder Data
.68
The CIA Triad
.68
PCI Requirement
3:
Protect Stored Cardholder Data
.69
Encryption Methods for Data at Rest
.69
File- or Folder-level Encryption
.70
Contents xiii
Full Disk Encryption
.71
Implications
.72
Database (Column-level) Encryption
.73
Overview
.75
Other Encryption Method Considerations
.75
PCI Requirement
4—
Encrypt Transmission of
Cardholder Data Across Open, Public Networks
.76
Requirement
4.1—
Cryptography and Protocols
.76
SSL/TLS
.77
Securing Wireless Networks
Transmitting Cardholder Data
.78
Defining WiFi
.79
Using Compensating Controls
.80
Compensating Controls for Requirement
3.4.81
Provide Additional Segmentation/
Abstraction (e.g., at the Network Layer)
.82
Provide Ability to Restrict
Access to Cardholder Data or Databases
.82
Restrict Logical Access to the Database
.83
Prevent/Detect Common
Application or Database Attacks
.84
Overview
.84
Mapping Out a Strategy
.85
Step
1—
Identify and Classify Information
.85
Step
2—
Identify Where the Sensitive Data is Located
. . .86
Step
3—
Determine Who and What Needs Access
.86
Step
4—
Develop Policies Based
On What You Have Identified
.86
The Absolute Essentials
.87
Keep Cardholder Storage to a Minimum
.87
Do Not Store Sensitive
Authentication Data Subsequent to Authorization
.87
Mask the PAN When Displayed
.87
Render PAN (at Minimum)
Unreadable Anywhere it is Stored
.88
Protect Encryption Keys Used for Encryption of
Cardholder Data Against Both Disclosure and Misuse
. . .88
xiv Contents
Summary
."'
Solutions Fast Track .°"
Frequently Asked Questions
.91
Chapter
6
Logging Access
&
Events Chapter
.93
Introduction to Logging
.94
Tools and Traps
.96
PCI Relevance of Logs
.97
Logging in PCI Requirement
10.98
Are You Owned
.101
Logging in PCI -All Other Requirements
.104
Tools for Logging in PCI
.
Alerts
—
Used For Real-time
Monitoring of In-scope Servers
.
Reports- Used for Daily
Review of Pre-analyzed Data
.11°
Case Studies
.119
Summary
.122
Solutions Fast Track
.122
Frequently Asked Questions
.123
Chapter
7
Strong Access Control
.125
Introduction
.126
Principles of Access Control
.126
Integrity
.126
Confidentiality
.127
Availability
.127
How Much Access Should a User Should Have
.127
Authentication and Authorization
.128
Authentication
.128
Multi-factor Authentication
.129
Passwords
.129
PCI Compliant Passwords
.131
Educating Users
.131
Authorization
.133
PCI and Access Control
.134
Processes for PCI Compliance
.135
Configuring Systems to Enforce PCI Compliance
.138
Contents xv
Windows
and PCI Compliance
.140
Windows File Access
Control
.140
Creating
a
New Group
Policy Object
.142
Enforcing a PCI Compliant
Password Policy in Windows Active Directory
.142
Configuring Account Lockout in Active Directory
. . 144
Setting Session Timeout and Password-
protected Screen Savers in Active Directory
.145
Setting File Permissions Using GPOs
.147
Finding Inactive Accounts in Active Directory
.149
Enforcing Password Requirements
in Window on Standalone Computers
.150
Enabling Password Protected
Screen Savers on Standalone Windows Computers
. .152
Setting File Permissions
on Standalone Windows Computers
.153
POSIX (UNIX/Linux-like Systems) Access Control
. . .154
Linux Enforce Password Complexity Requirements
. . .156
Cisco and PCI Requirements
.156
CISCO Enforce Session Timeout
.157
Encrypt Cisco Passwords
.157
Database Access and PCI Requirements
.157
Physical Security
.157
Visitors
.158
Physical Security and Media
.159
Summary
.161
Solutions Fast Track
.161
Frequently Asked Questions
.162
Chapter
8
Vulnerability Management
.165
Introduction
.166
Vulnerability Management in PCI
.167
Requirement
5
Walkthrough
.171
Requirement
6
Walkthrough
.172
Requirement
11
Walkthrough
.176
Common PCI Vulnerability Management Mistakes
.179
Case Studies
.180
PCI at a Retail Chain
.180
xvi Contents
PCI
at an E-commerce Site
.182
Summary
.183
Solutions Fast Track
.183
Frequently Asked Questions
.184
Chapter
9
Monitoring and Testing
.185
Introduction
.186
Monitoring Your PCI DSS Environment
.186
Establishing Your Monitoring Infrastructure
.187
Time
.187
Identity Management
.189
Event Management Storage
.190
Determining What You Need to Monitor
.192
Applications Services
.192
Infrastructure Components
.193
Determining How You Need to Monitor
.195
Deciding Which Tools Will Help You Best
.197
Auditing Network and Data Access
.198
Searching Your Logs
.198
Testing Your Monitoring Systems and Processes
.199
Network Access Testing
.199
Penetration Testing
.199
Intrusion Detection and Prevention
.200
Intrusion Detection
.200
Intrusion Prevention
.200
Integrity Monitoring
.201
What are You Monitoring?
.201
Solutions Fast Track
.202
Frequently Asked Questions
.203
Chapter
10
How to Plan a Project to Meet Compliance
205
Introduction
.206
Justifying a Business Case for Compliance
.206
Figuring Out IfYou Need to Comply
.207
Compliance Overlap
.207
The Level of Compliance
.209
What is the Cost for Non-compliance?
.210
Penalties for Non-compliance
.210
Bringing All the Players to the Table
.211
Contents xvii
Obtaining Corporate Sponsorship
.211
Forming Your Compliance Team
.212
Roles and Responsibilities ofYourTeam
.212
Getting Results Fast
.213
Helping to Budget Time and Resources
.214
Setting Expectations
.214
Management's Expectations
.215
Establishing Goals and Milestones
.215
Having Status Meetings
.217
How to Inform/Train Staff on Issues
.217
Training Your Compliance Team
.217
Training the Company on Compliance
.218
Setting Up the Corporate
Compliance Training Program
.218
Where to Start: The First Steps
.220
The Steps
.220
Step
1 :
Obtain Corporate Sponsorship
.220
Step
2:
Identify and Establish Your Team
.221
Step
3:
Determine your PCI Merchant Level
.221
Step
4:
Complete the PCI
DSS Self-assessment Questionnaire
.222
Step
5:
Get an External Network
Scan from an Approved Scanning Vendor
.222
Step
6:
Get Validation from a
Qualified Security Assessor
.223
Step
7:
Perform a Gap Analysis
.223
Step
8:
Create PCI DSS Compliance Plan
.224
Step
9:
Prepare for Annual
Audit of Compliance Validation
.224
Summary
.226
Solutions Fast Track
.227
Frequently Asked Questions
.229
Chapter
11
Responsibilities
.233
Introduction
.234
Whose Responsibility Is It?
.234
CEO
.235
xviii
Contents
    CISO ... 235
    CIO ... 239
    Security and System Administrators ... 239
    Additional Resources ... 239
  Incident Response ... 240
    Incident Response Team ... 241
    Incident Response Plan ... 241
    Forensics ... 242
    Notification ... 244
  Liabilities ... 245
  Business Continuity ... 246
  Summary ... 247
  Frequently Asked Questions ... 251
Chapter 12 Planning to Fail Your First Audit ... 255
  Introduction ... 256
  Remember, Auditors Are There to Help You ... 256
  Dealing With Auditor's Mistakes ... 258
  Planning for Remediation ... 260
  Planning For Your Retest ... 267
  Summary ... 268
  Solutions Fast Track ... 268
  Frequently Asked Questions ... 269
Chapter 13 You're Compliant, Now What ... 271
  Introduction ... 272
  Security is a PROCESS, Not an Event ... 272
  Plan for Periodic Review and Training, Don't Stop Now! ... 273
  PCI Self-Audit ... 275
    Requirement 1 ... 276
      1.1 Policy Checks ... 276
      1.2 Policy Checks ... 277
      1.2 Hands-on Assessments ... 277
      1.3 Policy Checks ... 278
      1.3 Hands-on Assessments ... 279
      1.4 Policy Check ... 279
      1.4 Hands-on Assessment ... 279
      1.5 Policy Check ... 280
      1.5 Hands-on Assessment ... 280
    Requirement 2 ... 280
      2.1 Policy Checks ... 280
      2.1 Hands-on Assessment ... 280
      2.2 Policy Checks ... 281
      2.2 Hands-on Assessments ... 281
      2.3 Policy Checks ... 282
      2.3 Hands-on Assessments ... 282
      2.4 Policy Checks ... 282
      2.4 Hands-on Assessments ... 282
    Requirement 3 ... 283
      3.1 Policy Checks ... 283
      3.1 Hands-on Assessments ... 283
      3.2 Policy Checks ... 284
      3.2 Hands-on Assessments ... 284
      3.3 Policy Checks ... 288
      3.3 Hands-on Assessments ... 288
      3.4 Policy Checks ... 288
      3.4 Hands-on Assessments ... 288
      3.5 Policy Checks ... 289
      3.5 Hands-on Assessments ... 289
      3.6 Policy Checks ... 289
      3.6 Hands-on Assessments ... 290
    Requirement 4 ... 290
      4.1 Policy Checks ... 290
      4.1 Hands-on Assessments ... 291
      4.2 Policy Checks ... 292
      4.2 Hands-on Assessments ... 292
    Requirement 5 ... 292
      5.1 Policy Checks ... 292
      5.1 Hands-on Assessments ... 292
      5.2 Policy Checks ... 292
      5.2 Hands-on Assessments ... 292
    Requirement 6 ... 293
      6.1 Policy Checks ... 293
      6.1 Hands-on Assessment ... 293
      6.2 Policy Checks ... 293
      6.2 Hands-on Assessment ... 293
      6.3 Policy Checks ... 293
      6.3 Hands-on Assessment ... 294
      6.4 Policy Checks ... 295
      6.4 Hands-on Assessment ... 295
      6.5 Policy Checks ... 295
      6.5 Hands-on Assessment ... 296
      6.6 Policy Checks ... 296
      6.6 Hands-on Assessment ... 296
    Requirement 7 ... 296
      7.1 Policy Checks ... 296
      7.1 Hands-on Assessment ... 296
      7.2 Policy Checks ... 297
      7.2 Hands-on Assessment ... 297
    Requirement 8 ... 297
      8.1 Policy Checks ... 297
      8.1 Hands-on Assessment ... 297
      8.2 Policy Checks ... 298
      8.2 Hands-on Assessment ... 298
      8.3 Policy Checks ... 298
      8.3 Hands-on Assessment ... 298
      8.4 Policy Checks ... 298
      8.4 Hands-on Assessment ... 298
      8.5 Policy Checks ... 299
      8.5 Hands-on Assessment ... 300
    Requirement 9 ... 301
      9.1 Policy Checks ... 301
      9.1 Hands-on Assessment ... 301
      9.2 Policy Checks ... 302
      9.2 Hands-on Assessment ... 302
      9.3 Policy Checks ... 302
      9.3 Hands-on Assessment ... 302
      9.4 Policy Checks ... 302
      9.4 Hands-on Assessment ... 303
      9.5 Policy Checks ... 303
      9.5 Hands-on Assessment ... 303
      9.6 Policy Checks ... 303
      9.6 Hands-on Assessment ... 303
      9.7 Policy Checks ... 303
      9.7 Hands-on Assessment ... 303
      9.8 Policy Checks ... 304
      9.8 Hands-on Assessment ... 304
      9.9 Policy Checks ... 304
      9.9 Hands-on Assessment ... 304
      9.10 Policy Checks ... 304
      9.10 Hands-on Assessment ... 304
    Requirement 10 ... 305
      10.1 Policy Checks ... 305
      10.1 Hands-on Assessment ... 305
      10.2 Policy Checks ... 305
      10.2 Hands-on Assessment ... 305
      10.3 Policy Checks ... 305
      10.3 Hands-on Assessment ... 306
      10.4 Policy Checks ... 306
      10.4 Hands-on Assessment ... 306
      10.5 Policy Checks ... 306
      10.5 Hands-on Assessment ... 307
      10.6 Policy Checks ... 307
      10.6 Hands-on Assessment ... 307
      10.7 Policy Checks ... 307
      10.7 Hands-on Assessment ... 307
    Requirement 11 ... 307
      11.1 Policy Checks ... 308
      11.1 Hands-on Assessment ... 308
      11.2 Policy Checks ... 308
      11.2 Hands-on Assessment ... 308
      11.3 Policy Checks ... 309
      11.3 Hands-on Assessment ... 309
      11.4 Policy Checks ... 309
      11.4 Hands-on Assessment ... 309
      11.5 Policy Checks ... 309
      11.5 Hands-on Assessment ... 309
    Requirement 12 ... 310
      12.1 Policy Checks ... 310
      12.1 Hands-on Assessment ... 310
      12.2 Policy Checks ... 310
      12.2 Hands-on Assessment ... 310
      12.3 Policy Checks ... 310
      12.3 Hands-on Assessment ... 311
      12.4 Policy Checks ... 312
      12.4 Hands-on Assessment ... 312
      12.5 Policy Checks ... 312
      12.5 Hands-on Assessment ... 312
      12.6 Policy Checks ... 312
      12.6 Hands-on Assessment ... 312
      12.7 Policy Checks ... 313
      12.7 Hands-on Assessment ... 313
      12.8 Policy Checks ... 313
      12.8 Hands-on Assessment ... 313
      12.9 Policy Checks ... 313
      12.9 Hands-on Assessment ... 313
      12.10 Policy Checks ... 314
      12.10 Hands-on Assessment ... 314
  Summary ... 315
  Solutions Fast Track ... 315
  Frequently Asked Questions ... 316
Index ... 317 |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
building | Verbundindex |
bvnumber | BV023092147 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
classification_rvk | ST 185 |
ctrlnum | (OCoLC)144227882 (DE-599)BVBBV023092147 |
dewey-full | 005.80218 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.80218 |
dewey-search | 005.80218 |
dewey-sort | 15.80218 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
discipline_str_mv | Informatik |
format | Book |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01934nam a2200505zc 4500</leader><controlfield tag="001">BV023092147</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140217 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">080122s2007 xxua||| |||| 00||| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2007298374</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1597491659</subfield><subfield code="c">pbk.</subfield><subfield code="9">1-59749-165-9</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781597491655</subfield><subfield code="9">978-1-59749-165-5</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)144227882</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV023092147</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-11</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.80218</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 185</subfield><subfield code="0">(DE-625)143606:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">PCI compliance</subfield><subfield code="b">implementing effective PCI data security standards</subfield><subfield code="c">Tony Bradley, technical ed. ...</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Burlington, Mass.</subfield><subfield code="b">Syngress</subfield><subfield code="c">2007</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">xxii, 329 p.</subfield><subfield code="b">ill.</subfield><subfield code="c">24 cm</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes index.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Cartes de crédit</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Protection de l'information (Informatique) - Normes</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Réseaux d'ordinateurs - Sécurité - Mesures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Data protection</subfield><subfield code="x">Standards</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Credit cards</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Liability for credit information</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Chipkarte</subfield><subfield code="0">(DE-588)4147723-6</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Chipkarte</subfield><subfield code="0">(DE-588)4147723-6</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Bradley, Tony</subfield><subfield code="e">Sonstige</subfield><subfield code="4">oth</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/enhancements/fy0738/2007298374-d.html</subfield><subfield code="3">Publisher description</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Regensburg</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016295000&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-016295000</subfield></datafield></record></collection> |
id | DE-604.BV023092147 |
illustrated | Illustrated |
index_date | 2024-07-02T19:41:28Z |
indexdate | 2024-07-09T21:10:49Z |
institution | BVB |
isbn | 1597491659 9781597491655 |
language | English |
lccn | 2007298374 |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-016295000 |
oclc_num | 144227882 |
open_access_boolean | |
owner | DE-11 |
owner_facet | DE-11 |
physical | xxii, 329 p. ill. 24 cm |
publishDate | 2007 |
publishDateSearch | 2007 |
publishDateSort | 2007 |
publisher | Syngress |
record_format | marc |
spelling | PCI compliance implementing effective PCI data security standards Tony Bradley, technical ed. ... Burlington, Mass. Syngress 2007 xxii, 329 p. ill. 24 cm txt rdacontent n rdamedia nc rdacarrier Includes index. Cartes de crédit Protection de l'information (Informatique) - Normes Réseaux d'ordinateurs - Sécurité - Mesures Data protection Standards Computer networks Security measures Credit cards Liability for credit information Chipkarte (DE-588)4147723-6 gnd rswk-swf Datensicherung (DE-588)4011144-1 gnd rswk-swf Chipkarte (DE-588)4147723-6 s Datensicherung (DE-588)4011144-1 s DE-604 Bradley, Tony Sonstige oth http://www.loc.gov/catdir/enhancements/fy0738/2007298374-d.html Publisher description Digitalisierung UB Regensburg application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016295000&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | PCI compliance implementing effective PCI data security standards Cartes de crédit Protection de l'information (Informatique) - Normes Réseaux d'ordinateurs - Sécurité - Mesures Data protection Standards Computer networks Security measures Credit cards Liability for credit information Chipkarte (DE-588)4147723-6 gnd Datensicherung (DE-588)4011144-1 gnd |
subject_GND | (DE-588)4147723-6 (DE-588)4011144-1 |
title | PCI compliance implementing effective PCI data security standards |
title_auth | PCI compliance implementing effective PCI data security standards |
title_exact_search | PCI compliance implementing effective PCI data security standards |
title_exact_search_txtP | PCI compliance implementing effective PCI data security standards |
title_full | PCI compliance implementing effective PCI data security standards Tony Bradley, technical ed. ... |
title_fullStr | PCI compliance implementing effective PCI data security standards Tony Bradley, technical ed. ... |
title_full_unstemmed | PCI compliance implementing effective PCI data security standards Tony Bradley, technical ed. ... |
title_short | PCI compliance |
title_sort | pci compliance implementing effective pci data security standards |
title_sub | implementing effective PCI data security standards |
topic | Cartes de crédit Protection de l'information (Informatique) - Normes Réseaux d'ordinateurs - Sécurité - Mesures Data protection Standards Computer networks Security measures Credit cards Liability for credit information Chipkarte (DE-588)4147723-6 gnd Datensicherung (DE-588)4011144-1 gnd |
topic_facet | Cartes de crédit Protection de l'information (Informatique) - Normes Réseaux d'ordinateurs - Sécurité - Mesures Data protection Standards Computer networks Security measures Credit cards Liability for credit information Chipkarte Datensicherung |
url | http://www.loc.gov/catdir/enhancements/fy0738/2007298374-d.html http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016295000&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT bradleytony pcicomplianceimplementingeffectivepcidatasecuritystandards |