Summary
Welcome to the PCI DSS 3.2.1 edition of this book series on PCI DSS. If you’re looking at this book, then you must have either an interest (in the field of PCI DSS compliance) or a need (your organization must become compliant, or currently has issues with PCI DSS compliance) to gain a better understanding of PCI DSS. The Payment Card Industry (PCI) standards maintained by the PCI SSC have the stated goal of protecting card information.
My experience is that most users can interpret most individual requirements, but lack the overall structured approach (the big picture) to meeting the standard’s intent.
The goal of this book is to provide a common understanding for business and technical people alike, and to provide a way for those people to communicate better about PCI DSS compliance, and information security in general. This is not a book for dummies. I believe that PCI DSS can be explained to laymen if properly presented.
This book is the physical compilation of the 4 volumes initially produced only in digital formats. It follows the digital edition’s structure and addresses the following ideas:
1. The Business Case for PCI DSS – What PCI DSS is and why it matters
2. PCI DSS Scoping – How scope is defined and documented
3. Building a PCI DSS Information Security Program – How organizations should approach the standard effectively and efficiently, and apply it to their in-scope environment (people, processes, and technology)
4. Hypothetical Case Studies – Examples of 4 fictitious but plausible companies’ PCI compliance programs.