New Book Offers Merchants A Practical Guide To PCI DSS Compliance
To help merchants achieve compliance with the Payment Card Industry Data Security Standard ('PCI DSS') IT Governance has launched a new book that offers focused advice on how to build and maintain a sustainable PCI DSS compliance programme.
Ely, England (PRWEB) April 11, 2008 -- Achieving compliance with the Payment Card Industry Data Security Standard ('PCI DSS') is a priority issue for all merchants accepting credit and debit cards. To help project managers, executives and security officers tasked with delivering compliance, IT Governance has launched 'PCI DSS: A Practical Guide to Implementation' (http://www.itgovernance.co.uk/products/1633), which offers focused advice on how to build and maintain a sustainable PCI DSS compliance programme.
The PCI DSS (http://www.itgovernance.co.uk/pci_dss.aspx) must be met by all merchants that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions and significant brand damage.
The Standard requires merchants and member service providers to adopt a number of specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data, and maintaining a vulnerability management programme and information security policy. As described on the IT Governance website, the Standard's compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually.
'PCI DSS: A Practical Guide to Implementation' is intended as a complementary resource for those responsible for PCI DSS compliance, helping the reader to interpret and utilise other publicly available information about the Standard. Over 184 pages, it provides a helpful nine-step programme for creating a compliance regime and discusses the relationship of PCI DSS to ISO27001 (http://www.itgovernance.co.uk/iso27001.aspx), the international best practice standard for information security management. Topics addressed include project initiation, gap analysis, auditing, and maintaining and demonstrating compliance. Also provided in the appendices are a project checklist, project plan and details of recommended further reading.
PCI DSS: A Practical Guide to Implementation is written by Steve Wright, a consultant and lecturer with extensive experience in the design and implementation of security architecture and information security governance frameworks, including PCI DSS. Steve has successfully executed information security projects for several UK government agencies and has completed many consulting engagements for global corporations in sectors including business process outsourcing, manufacturing, telecoms, IT and healthcare. He currently manages a successful security management practice and is active as a lecturer and trainer on Information Risk Management and many British Computer Society ISEB courses.
Alan Calder, Chief Executive of IT Governance, comments, "Building a PCI DSS programme from scratch can be a daunting task. This new book helps those with direct responsibility to accelerate their learning and chart the most direct course to sustainable compliance."
PCI DSS: A Practical Guide to Implementation is priced at £39.95/$79.10/€51.94 and is available in hard copy (ISBN 978-1-905356-45-4) or e-book format (ISBN 978-1-905356-46-1). To purchase a copy, visit http://www.itgovernance.co.uk/products/1633.
NOTES TO EDITORS
IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Alan Calder is an international authority on IT governance and information security management. He led the world's first successful implementation of BS7799, the information security management standard upon which ISO27001 is based, and wrote the definitive compliance guide for this standard, IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799. The third edition of this book is the basis for the UK Open University's postgraduate course on Information Security. He is a consultant to companies including Cisco. He regularly blogs on IT security issues at http://alancalder.blogspot.com/.
###