PCI Compliance, 5th Edition
Welcome to the support site for PCI Compliance, 5th Edition! We're glad you're here. Scroll to the bottom for our contact info.
Items up First
Did you find an issue in the book or want to suggest something for the site? Submit issues here! We have published the Errata here. Interested in a discussion? Start one here. Join our Discord!
What This Book is About
If you are like most information technology and information security professionals, the idea of becoming compliant with PCI DSS or countless other regulations doesn't sound fun. It's much more common to associate compliance efforts with pain. Whether it's the pain of not knowing what to do, the pain of failing your first assessment, or the pain of complying without any budget, there are plenty of challenges for anyone tasked with doing this well.
We faced a challenge: to write a fun, useful, and insightful book about PCI DSS. We are committed to the challenge! We’d like to invite you, our reader, to travel with us in the hope that when you turn the last page, you will have come to realize that PCI DSS compliance can indeed be fun!
How to Use the Book in Your Daily Job
You can use the book during the entire lifecycle from complete PCI unawareness to ultimate security and compliance enlightenment. Specifically, you can use it to:
- Learn what PCI DSS is and why it is here to stay
- Figure out how it applies to you and your organization
- Learn what to do about each of the 12 main requirements to get compliant
- Gain knowledge about dealing with PCI assessors and how to make your compliance validation as painless as possible
- Learn how to plan and manage a PCI DSS compliance project
- Understand all the technologies referenced by PCI DSS
- Understand what Visa and MasterCard really want from you
- Get the best experience out of what can be seen as a painful assessment process
- Build your plans even if you are a small business
Book materials
- View Table of Contents for “PCI Compliance”, 3rd edition
- Download free sample chapter Chapter 3 “Why is PCI Here?”[PDF]
Useful PCI DSS materials
- The PCI Security Standards Council Website
- PCI DSS 4.0
- Summary of Changes from 3.2.1 to 4.0
- PCI DSS 4.0 At a Glance
- PCI DSS FAQs
- Sample Cybersecurity Policy Option 1
- Sample Cybersecurity Policy Option 2
Papers by the authors on PCI DSS
Even though Anton was not a part of the 5th Edition of this book, we wanted to bring his links forward from previous editions.
- “Data Flows Made Easy” by Branden
- “The Seven Deadly Sins of a QSA” by Branden
- “The Art of the Compensating Control” by Branden
- “Consumer Attitudes Toward Breaches: How Consumers React to Retail Breaches” by Branden
- “How Tokenization and Encryption can enable PCI DSS compliance,” Information Security Technical Report (ISTR2187), Elsevier (February 2011), by Branden Williams
- “Security First or Compliance First?” by Anton
- “How to Stay Compliant? or Ongoing Tasks in PCI DSS” by Anton
- “More on PCI DSS and Logging” by Anton
- “PCI DSS logging: A must for compliance” (part 1) by Anton
- “Practical priorities in PCI DSS logging” (part 2) by Anton
- All blog posts about PCI DSS from Branden’s blog
Presentations by the authors on PCI DSS:
- “The Mistakes QSAs Make” by Branden
PCI DSS Videos
This section contains videos of exciting PCI DSS compliance discussions – with the PCI book authors playing a role:
- Tips to Get Ahead of PCI Compliance, RSA Conference 2013.
- PCI Done Right and Wrong, SOURCE Boston 2010.
PCI DSS tips
- Brando’s PCI Requirements Review: Sampling
- Brando’s Guide to Making a Mobile App Comply with PCI DSS
- The Great PCI Security Debate of 2010
Other Helpful PCI DSS Content
- The PCI Guru
- Merchant Resources from the Council
Meet the authors:
- Dr. Branden R. Williams
- James K. Adamson
Check each author’s website for upcoming talks, but expect to see them at RSA Conference, mWISE, and lots of local events.