Chapter 1: An Evolving Regulatory Perspective
Overview of the changes that have occurred in regard to personal data regulatory compliance and the implication for PCI DSS.
- Data Privacy and PCI DSS
Chapter 2: Data the 'Life Blood' of Business
Understand the true value of data to modern digital business
Chapter 3: An Integrated Cyber/InfoSec Strategy
Demonstrates the links between various Cyber/InfoSec terms
- Synchronized Defenses: o Information Systems & Connected Technologies
o Security Culture
§ Roles
§ Responsibilities
- Complimentary Defense Nodes
o Data Security
o Cyber Security
o Information Security
o Physical Security
o Resilience
- Knowing you enemies
o Tactics, Techniques and Protocols (TTPs)
o External Threat
o Internal Threat
Chapter 4: The Importance of Risk Management
Explains the integral importance of risk management for an effective Cyber/InfoSec Strategy
- Risk Management
1. Vulnerability Management
2. Threat Management
3. Business Impact Management
Chapter 5: Compliance Versus Risk-The Differentiator
Chapter 6: The Evolution of PCI DSS
Provides an overview of the PCI DSS evolution
Chapter 7: PCI DSS Applicability
Explains the purpose and benefits of PCI DSS
- PCI DSS Overview
1. Structure
2. Scoping
Chapter 8: An introduction to PCI DSS Controls Framework
Describes the structure and interdependencies of PCI DSS
- Six Goals
1. Fortress Design
2. Secure Silos
3. Secure Maintenance
4. Gate Keeping
5. Routine Assurance
6. People & Process
- 12 Requirements
Requirement 12: People Management
Requirement 1: Layering The Network
Requirement 2: Secure By Design/Default
Requirement 3: The Vault
Requirement 4: Secure In Motion
Requirement 5: Entry Search
Requirement 6: Build & Maintain
Requirement 7: Role Based Restrictions
Requirement 8: Logical Entry Control
Requirement 9: Physical Entry Control
Requirement 10: Detection
Requirement 11: Assurance Testing
Chapter 9: Payment Channel Attack Vectors
Provides an understanding of the potential avenues of attack, associated to a business' payment operations
- Online
- Face To Face
- Telephone-Based
- 3rd Parties
About the Author:
James (Jim) Seaman has been dedicated to the pursuit of security for his entire adult life. He served 22 years in the RAF Police, covering a number of specialist areas including physical security, aviation security, information security management, IT security management, cybersecurity management, security investigations, intelligence operations, and incident response and disaster recovery. He has successfully transitioned his skills to the corporate environment and now works in areas such as financial services, banking, retail, manufacturing, e-commerce, and marketing. He helps businesses enhance their cybersecurity and InfoSec defensive measures and work with various industry security standards.
