In late December 2017, the updated versions of the PCI Resources book series on PCI DSS were released (links at the end of this post). I received the first paperback copies in early January 2018, and other than tweaks to the cover page for a design issue (weird things can happen when you go from 312 to 458 pages), the book is unchanged from its December 2017 release. The physical book has a new ISBN number, while digital editions kept the same one.
As a reminder, the physical paperback book (PCI DSS made easy) is a compilation of the 4 individual digital-only (Kindle and iBooks) volumes; there were 3 volumes until July 2017’s volume 4 introduction. Digital editions on Kindle and iBooks should be available to those who had previously purchased the books.
I want to thank Jeff Man for the amazing foreword he wrote for this edition of the book which captures the need I felt is met by the book. I feel blessed to have the privilege of interacting with like-minded individuals of this caliber.
While no version change has occurred, this release was updated with the following changes (volume sections in parentheses):
* Volume 1. The Business Case for PCI DSS: added feedback on timeline from the PCI SSC at the 2017 PCI Community Meetings (1.8.6) and Verizon 2017 Data Breach Investigations Report (DBIR) and PCI compliance report (it’s back after skipping 2016!!!) (1.9)
* Volume 2. PCI DSS Scoping: adapted the model to changes from the PCI SSC (2.5, model is released separately) and added more sub-sections in advanced scoping (2.7)
* Volume 3. Building a PCI DSS Information Security Program: updated volume structure, increased content on Risk Assessments (3.6), added a mapping to COBIT 5 (3.14) and my own PCI DSS matrix mapping (3.15)
* Volume 4. Hypothetical Case Studies: added a Risk Assessment example (4.5.8)
Many graphic elements, from the cover to individual diagrams, were also updated.
Now that this version is out, work on the French and Spanish translations can begin in earnest. I will not be doing these translations myself, but instead focus on working with the translators and reviewing the end results to ensure that meaning is not lost in translation. I hope to have these updates available in the late winter or early spring 2018.
Note that based on current information here and here, I don’t expect major changes in 2018 but would update if required (or at least document on this blog). 2019 may see a major update (maybe 4.0) and that would likely call for a major redesign.
The PCI Resources PCI DSS Scoping Model and Approach will be updated shortly based on the changes in volume 2 (including PDF versions in A4 format for my friends across the pond). Other derivatives from the book will roll throughout 2018.