PCI Resources
A structured approach to the PCI standards

Information on Payment Card Industry (PCI) standards including PCI DSS since 2015

The Payment Card Industry (PCI) standards maintained by the PCI SSC have the stated goal of protecting card information. My experience is that most users can interpret most individual requirements, but lack the overall structured approach (the big picture) to meeting the standards' intent.

This site will provide PCI resources to the community, starting with a series of volumes (digital books as well as physical compilations of the volumes) explaining the various facets of the PCI DSS, the main standard maintained by the PCI SSC. Links to other valuable resources will also be provided within each page.

The physical books can be bought on Amazon (through CreateSpace, an Amazon subsidiary). The digital books can be purchased on the Amazon Kindle store* or the Apple iBooks store (for iPad, iPhone and Mac computers).

The scoping model and approach I use is available here (for free under a Creative Commons license) and further described and detailed in volume 2.

For more on the PCI DSS, please start with the overview, which links to a description of the intent (the objective) of the PCI DSS high-level requirements.

* Note: Amazon Kindle is a platform and not just a physical reader device. Kindle reader applications exist for iPhone/iPad, Android, PC, Mac, and even on the web.

 

Contact

info@pciresources.com
 

 

Most referred content


PCI DSS Scoping Model and Approach

Distributed under a Creative Commons license, the model aims to address a lack of understanding of which people, processes and technologies of an organization fall under PCI DSS scope, generally the least understood part of PCI DSS.


BLOG

The goal of PCI DSS is to protect cardholder data from theft or unauthorized disclosure. This section presents an overview of how the PCI DSS is structured to


Books on PCI DSS

The goal of this book series (digital and physical) is to provide a common understanding for business and technical people alike, and to provide a way for those people to communicate better about PCI DSS compliance, and information security in general. These books are not for dummies. I believe that PCI DSS can be explained to laymen if properly presented.



PCI DSS Overview

The goal of PCI DSS is to protect cardholder data from theft or unauthorized disclosure. This section presents an overview of how the PCI DSS is structured to meet this goal.


 

 
 
Remember, if you don’t need it, don’t store it!
— PCI DSS 3.2 Standard, p.37