    Message 1 of 1, Jul 7, 2008
      BKPCICPL.RVW 20080306

      "PCI Compliance", Tony Bradley et al, 2007, 978-1-59749-165-5, U$59.95
      %A Tony Bradley
      %A James D. Burton
      %A Anton Chuvakin www.chuvakin.org
      %A Anatoly Elberg
      %A Brian Freedman
      %A David King
      %A Scott Paladino www.eds.com
      %A Paul Schooping
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2007
      %G 978-1-59749-165-5 1-59749-165-9
      %I Syngress Media, Inc.
      %O U$59.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597491659/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491659/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 329 p.
      %T "PCI Compliance"

      The Payment Card Industry Data Security Standards (PCI DSS, generally
      referred to simply as PCI) document is currently the security
      framework that is of greatest concern to those in the retail sector.

      Chapter one very tersely introduces PCI and states that the book is
      written at a strategic level appropriate for senior managers. This
      assertion of an executive audience is somewhat at odds with the
      declaration, in chapter two, that the book is intended for small and
      medium sized businesses. (The chapter otherwise notes a few instances
      of credit card fraud.) The PCI elements of (and terms for) merchant
      levels, assessors, and the six control objectives (and twelve
      requirements) are given a quick overview in chapter three.

      Chapter four presents general concepts related to firewalls and
      intrusion detection systems, but does not completely fulfill the
      titular promise of suggesting how to build and maintain a secure
      network. (Some additional topics are mentioned, such as a brief
      reference of computer virus scanning.) Most of chapter five, relating
      to protection of cardholder data, concentrates on encryption.
      However, there is a repeat of some of the network material from the
      previous chapter, as well as a rather confused mention of information
      classification. Chapter six deals with log data, both from the
      perspective of requirement 10 (which mandates monitoring) and in
      relation to some of the other requirements as well. The fourth
      control objective, comprising requirements seven, eight, and nine,
      addresses access control. Chapter seven provides a good, general
      overview of the topic, with the material being padded out by fourteen
      pages of Windows screenshots. Vulnerability management, in chapter
      eight, mentions requirements five (antivirus), six (secure application
      development), and eleven (testing), but in a confused and confusing
      manner. Since monitoring is covered in chapter six, and testing in
      chapter eight, it is difficult to see what purpose chapter nine serves
      in terms of recovery, monitoring and testing. A mostly generic look
      at project management makes up chapter ten. Similarly vague and banal
      is the material on roles and responsibilities, in chapter eleven, and
      advice on how to react to the findings from a security audit, in
      chapter twelve. Chapter thirteen suggests that, once you are
      compliant with the PCI standard, you have a periodic self-assessment.
      (There is also a terse list of areas to check.)

      The book could have been considerably shorter, and perhaps more
      helpful, had it concentrated more on the PCI standard and specific
      details. However, given the current interest in PCI, it does provide
      a useful introduction, with a large amount of extraneous padding.