- Database and Business Intelligence
- Desktop Management
- Disaster Recovery and High Availability
- Enterprise Application Development
- Identity Management
- IT Automation and Service Management
- IT Management
- IT Monitoring
- Messaging
- Networking
- Security and Compliance
- Storage Management
- Unified Communications
- Virtualization and Application Deployment
- Windows Administration
-
NEED HELP?
-
Visit our FAQ if you run into problems downloading our eBooks. If you are wondering why all of the chapters aren't available for some of the eBooks, we'll explain it here!
-
PAGE FEEDBACK
- Having a problem with this page? Please let us know!
|
|
 |
Chapter 1: Overview of Payment Card Industry Data Security Standards |
|
Chapter 2: Overview of SSL Certificates |
|
Chapter 3: What Is Required by PCI Data Standards? |
|
Chapter 4: PCI Compliance Checklist |
|
Complete Book (ZIP file) |
The Payment Card Industry (PCI) Data Standards were designed to help protect consumers, merchants, and banks from costly fraud due to insufficient security. To comply with PCI regulations, those involved with the payment card industry have to implement measures to protect credit card data, such as encrypting credit card data during transmission and locking down servers used in payment processing. SSL certificates are used to authenticate servers and enable data encryption. The Shortcut Guide to PCI Compliance and How SSL Certificates Fit provides an overview of PCI regulations, describes the structure and function of SSL certificates and how SSL fits into the compliance picture. The final chapter of the guide is a checklist on how to implement SSL certificates and prepare for PCI audits.
Chapter 1: Overview of Payment Card Industry Data Security Standards
The payment card industry is the target of substantial fraud. Organized cybercrime groups are sophisticated and well established to the point of having created underground markets for credit card fraud software, data, and supporting services. Legitimate businesses have responded with efforts to improve the security of a highly-distributed and decentralized payment card system. SSL certificates play key roles in preserving the confidentiality and integrity of payment card data.
Chapter 2: Overview of SSL Certificates
SSL certificates are an important element of the security infrastructure that protects systems and communications. In that role, they also enable customers to trust businesses that customers might otherwise be unfamiliar with. What is it about SSL certificates that enable these properties? To answer this question, we must understand the components of an SSL certificate and how they are used for authentication and encryption. We also need to understand different uses of SSL certificates and how they enable the formation of trust. This chapter is organized into five sections that will address these issues:
- Components of an SSL certificate
- Authenticating servers with SSL certificates
- Encryption and SSL
- Different uses of SSL certificates
- Trust and SSL security
Chapter 3: What Is Required by PCI Data Standards?
The PCI Data Security Standards Council publishes a number of documents for businesses, IT professionals, software developers, and others who participate in implementing the PCI Data Security Standard (PCI DSS). One of these, the Requirements and Security Assessment Procedures (version 2.0), describes a set of requirements for businesses working with payment card data. The document describes a set of high-level requirements organized into six functional tasks:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
This chapter will describe these requirements in a slightly different structure, organized more around clusters of requirements that would be addressed by different groups within an IT department, for example, developers and systems administrators. These are not hard and fast divisions. Some of the requirements necessitate collaboration between developers, systems administrators, application architects, and application managers. Keeping in mind the need for multiple skill sets, we will discuss the requirements organized around:
- Data collection and storage practices
- Infrastructure security
- Vulnerability assessment
- Monitoring and reporting
We begin with the most basic of tasks: collecting data.
Chapter 4: PCI Compliance Checklist
The Payment Card Industry Data Security Standard (PCI DSS) contains more than just recommended best practices—they are required policies, procedures, and technical requirements for businesses that use payment cards. The PCI Security Standards Council provides a number of documents that describe requirements in detail along with FAQs and guidelines; these are available in the council’s documents library. This chapter highlights key compliance areas with a focus on the use of SSL certificates, including:
- Self-assessment activities
- Security of servers and data transmission with SSL
- Essential security policies related to SSL certificates
- SSL certificate life cycle management
Sign up for our Realtime Nexus newsletters and book alerts and discover when new books on your favorite IT topics are available!
By sponsoring a book with Realtime Publishers, you will connect your technology company with thousands of IT professionals who need information on the technology topic of your choice. Realtime Publishers works with only the best authors in the IT field to produce expert-level publications that appeal to and educate the IT professional audience.
Visit sponsorships.realtimepublishers.com to learn more about our wide array of sponsorship and content marketing opportunities.
- © 2013 Realtime Publishers
- // Google Analytics Tracking