.

[Article]-Book Review: PCI Compliance

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jan 04, 2010 5:22 pm

[Article]-Book Review: PCI Compliance

Old friend and former MS MVP, Joel Dubin (The IT Security Guy), has tons of experience dealing with PCI working with Trustwave. So I thought he was the perfect person to review this book. Thankfully he said yes. Much appreciated.

Permanent link: [Article]-Book Review: PCI Compliance


Review by Joel Dubin, CISSP

The Payment Card Industry Data Security Standard (PCI DSS) has taken it on the chin recently.  With several high profile breaches of credit card numbers, some critics of the industry standard have said it either isn’t strong enough, or should be abolished altogether.  But as Dr. Anton Chuvakin and Branden Williams correctly point out in the second edition of their book, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, PCI is here to stay.

This is no ordinary field manual to the PCI standard.  It isn’t a book, for example, that a PCI auditor, called a Qualified Security Assessor (QSA), would have open on their lap as a reference while working with a client.  Instead it carefully weaves together PCI, which is considered compliance, with IT security.  In fact, it also discusses PCI in the universe of other regulatory compliance standards, like SOX and HIPAA, which also give IT managers plenty of headaches.

The book correctly notes that compliance isn’t the same as security, a common misconception of PCI critics, but that it is part of a sound IT security program covering both bases, compliance and security, and not narrowly focused on PCI, but other standards, as well.  That’s good news for IT managers suffering from compliance fatigue and looking for a single path to handle not just security but all the other regulations they face.  PCI might not be a cure-all, but the IT security it requires can go a long way toward that single path.



Don
CISSP, MCSE, CSTA, Security+ SME
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Jan 05, 2010 10:46 am

Re: [Article]-Book Review: PCI Compliance

Nice review Joel, I was in two minds whether to pick this one up as I was concerned it might just be a re-hash of the PCI requirements with some 'explanation' that didn't go beyond what you would already know.

Sounds like it goes beyond what I was concerned about, I'll add it to my already increasing To Read list.

P.S. On a side note one of Joel's examples jogged my memory; I was waiting for the missus outside a shop bored recently and fired up my phone's wireless scanner to be nosey. Didn't want to poke around too much but found an SSID of 'epos' running WEP, could be interesting...
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 24, 2010 11:46 am

Re: [Article]-Book Review: PCI Compliance

CISSP, MCSE, CSTA, Security+ SME

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software