PCI DSS A Complete Guide - 2020 Edition
Ebook, 322 pages, 2 hours


About this ebook

Is the serial number printed on the label correct? Does the scope of work include Contractor to manage systems storing data governed by PCI-DSS? Has an incident response plan been created to be implemented in the event of a system breach? What if you outsource the handling, transmission or storage of cardholder data to a third party organization? What is PCI DSS and what does it do?

Defining, designing, creating, and implementing a process to solve a challenge or meet an objective is the most valuable role… In EVERY group, company, organization and department.

Unless you are talking about a one-time, single-use project, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions. Someone capable of asking the right questions, stepping back and saying, 'What are we really trying to accomplish here? And is there a different way to look at it?'

This Self-Assessment empowers people to do just that - whether their title is entrepreneur, manager, consultant, (Vice-)President, CxO etc. - they are the people who rule the future. They are the people who ask the right questions to make PCI DSS investments work better.

This PCI DSS All-Inclusive Self-Assessment enables You to be that person.

All the tools you need for an in-depth PCI DSS Self-Assessment. Featuring 2206 new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which PCI DSS improvements can be made.

In using the questions you will be better able to:

- diagnose PCI DSS projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices

- implement evidence-based best practice strategies aligned with overall goals

- integrate recent advances in PCI DSS and process design strategies into practice according to best practice guidelines

Using a Self-Assessment tool known as the PCI DSS Scorecard, you will develop a clear picture of which PCI DSS areas need attention.

Your purchase includes access details to the PCI DSS self-assessment dashboard download, which gives you your dynamically prioritized, projects-ready tool and shows your organization exactly what to do next. You will receive the following contents with New and Updated specific criteria:

- The latest quick edition of the book in PDF

- The latest complete edition of the book in PDF, which criteria correspond to the criteria in...

- The Self-Assessment Excel Dashboard

- Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation

- In-depth and specific PCI DSS Checklists

- Project management checklists and templates to assist with implementation

INCLUDES LIFETIME SELF ASSESSMENT UPDATES

Every self assessment comes with Lifetime Updates and Lifetime Free Updated Books. Lifetime Updates is an industry-first feature which allows you to receive verified self assessment updates, ensuring you always have the most accurate information at your fingertips.

Language: English
Publisher: 5STARCooks
Release date: Sep 6, 2019
ISBN: 9780655967040

    Book preview

    PCI DSS A Complete Guide - 2020 Edition - Gerardus Blokdyk

    PCI DSS

    Complete Self-Assessment Guide

    The guidance in this Self-Assessment is based on PCI DSS best practices and standards in business process architecture, design and quality management. The guidance is also based on the professional judgment of the individual collaborators listed in the Acknowledgments.

    Notice of rights

    You are licensed to use the Self-Assessment contents in your presentations and materials for internal use and customers without asking us - we are here to help.

    All rights reserved for the book itself: this book may not be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

    The information in this book is distributed on an As Is basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.

    Trademarks

    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.

    Copyright © by The Art of Service

    http://theartofservice.com

    service@theartofservice.com

    About The Art of Service

    The Art of Service, Business Process Architects since 2000, is dedicated to helping stakeholders achieve excellence.

    Defining, designing, creating, and implementing a process to solve a stakeholder's challenge or meet an objective is the most valuable role… In EVERY group, company, organization and department.

    Unless you're talking about a one-time, single-use project, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions.

    Someone capable of asking the right questions, stepping back and saying, 'What are we really trying to accomplish here? And is there a different way to look at it?'

    With The Art of Service's Standard Requirements Self-Assessments, we empower people who can do just that — whether their title is marketer, entrepreneur, manager, salesperson, consultant, Business Process Manager, executive assistant, IT Manager, CIO etc. — they are the people who rule the future. They are people who watch the process as it happens, and ask the right questions to make the process work better.

    Contact us when you need any support with this Self-Assessment and any help with templates, blue-prints and examples of standard documents you might need:

    http://theartofservice.com

    service@theartofservice.com

    Included Resources - how to access

    Included with your purchase of the book is the PCI DSS Self-Assessment Spreadsheet Dashboard which contains all questions and Self-Assessment areas and auto-generates insights, graphs, and project RACI planning - all with examples to get you started right away.

    How? Simply send an email to access@theartofservice.com with this book's title in the subject to get the PCI DSS Self Assessment Tool right away.

    You will receive the following contents with New and Updated specific criteria:

    •The latest quick edition of the book in PDF

    •The latest complete edition of the book in PDF, which criteria correspond to the criteria in...

    •The Self-Assessment Excel Dashboard, and...

    •Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation

    •In-depth specific Checklists covering the topic

    •Project management checklists and templates to assist with implementation

    INCLUDES LIFETIME SELF ASSESSMENT UPDATES

    Every self assessment comes with Lifetime Updates and Lifetime Free Updated Books. Lifetime Updates is an industry-first feature which allows you to receive verified self assessment updates, ensuring you always have the most accurate information at your fingertips.

    Get it now - you will be glad you did. Do it now, before you forget.

    Send an email to access@theartofservice.com with this book's title in the subject to get the PCI DSS Self Assessment Tool right away.

    Purpose of this Self-Assessment

    This Self-Assessment has been developed to improve understanding of the requirements and elements of PCI DSS, based on best practices and standards in business process architecture, design and quality management.

    It is designed to allow for a rapid Self-Assessment to determine how closely existing management practices and procedures correspond to the elements of the Self-Assessment.

    The criteria of requirements and elements of PCI DSS have been rephrased in the format of a Self-Assessment questionnaire, with a seven-criterion scoring system, as explained in this document.

    In this format, even with limited background knowledge of PCI DSS, a manager can quickly review existing operations to determine how they measure up to the standards. This in turn can serve as the starting point of a ‘gap analysis’ to identify management tools or system elements that might usefully be implemented in the organization to help improve overall performance.

    How to use the Self-Assessment

    On the following pages are a series of questions to identify to what extent your PCI DSS initiative is complete in comparison to the requirements set in standards.

    To facilitate answering the questions, there is a space in front of each question to enter a score on a scale of ‘1’ to ‘5’.

    1 Strongly Disagree

    2 Disagree

    3 Neutral

    4 Agree

    5 Strongly Agree

    Read the question and rate it with the following in front of mind:

    'In my belief, the answer to this question is clearly defined.'

    There are two ways in which you can choose to interpret this statement:

    1. How aware are you that the answer to the question is clearly defined?

    2. For more in-depth analysis you can choose to gather evidence and confirm the answer to the question. This obviously takes more time; most Self-Assessment users opt for the first interpretation and dig deeper later on, based on the outcome of the overall Self-Assessment.

    A score of '1' would mean that the answer is not clear at all, whereas a '5' would mean the answer is crystal clear and defined. Leave the space empty when the question is not applicable or you do not want to answer it; you can skip it without affecting your score. Write your score in the space provided.

    After you have responded to all the appropriate statements in each section, compute your average score for that section, using the formula provided, and round to the nearest tenth. Then transfer it to the corresponding spoke in the PCI DSS Scorecard on the page after next of the Self-Assessment.

    Your completed PCI DSS Scorecard will give you a clear presentation of which PCI DSS areas need attention.

    PCI DSS Scorecard Example

    Example of how the finalized Scorecard can look:

    [Figure: PCI DSS Scorecard - Your Scores]

    BEGINNING OF THE SELF-ASSESSMENT:

    Table of Contents

    About The Art of Service ... 10
    Included Resources - how to access ... 10
    Purpose of this Self-Assessment ... 12
    How to use the Self-Assessment ... 13
    PCI DSS Scorecard Example ... 15
    PCI DSS Scorecard ... 16
    BEGINNING OF THE SELF-ASSESSMENT ... 17
    CRITERION #1: RECOGNIZE ... 18
    CRITERION #2: DEFINE ... 26
    CRITERION #3: MEASURE ... 43
    CRITERION #4: ANALYZE ... 49
    CRITERION #5: IMPROVE ... 65
    CRITERION #6: CONTROL ... 74
    CRITERION #7: SUSTAIN ... 90
    PCI DSS and Managing Projects, Criteria for Project Managers ... 137
    1.0 Initiating Process Group: PCI DSS ... 138
    1.1 Project Charter: PCI DSS ... 140
    1.2 Stakeholder Register: PCI DSS ... 142
    1.3 Stakeholder Analysis Matrix: PCI DSS ... 143
    2.0 Planning Process Group: PCI DSS ... 145
    2.1 Project Management Plan: PCI DSS ... 147
    2.2 Scope Management Plan: PCI DSS ... 149
    2.3 Requirements Management Plan: PCI DSS ... 151
    2.4 Requirements Documentation: PCI DSS ... 153
    2.5 Requirements Traceability Matrix: PCI DSS ... 155
    2.6 Project Scope Statement: PCI DSS ... 157
    2.7 Assumption and Constraint Log: PCI DSS ... 159
    2.8 Work Breakdown Structure: PCI DSS ... 161
    2.9 WBS Dictionary: PCI DSS ... 163
    2.10 Schedule Management Plan: PCI DSS ... 165
    2.11 Activity List: PCI DSS ... 167
    2.12 Activity Attributes: PCI DSS ... 169
    2.13 Milestone List: PCI DSS ... 171
    2.14 Network Diagram: PCI DSS ... 173
    2.15 Activity Resource Requirements: PCI DSS ... 175
    2.16 Resource Breakdown Structure: PCI DSS ... 176
    2.17 Activity Duration Estimates: PCI DSS ... 178
    2.18 Duration Estimating Worksheet: PCI DSS ... 180
    2.19 Project Schedule: PCI DSS ... 182
    2.20 Cost Management Plan: PCI DSS ... 184
    2.21 Activity Cost Estimates: PCI DSS ... 186
    2.22 Cost Estimating Worksheet: PCI DSS ... 188
    2.23 Cost Baseline: PCI DSS ... 190
    2.24 Quality Management Plan: PCI DSS ... 192
    2.25 Quality Metrics: PCI DSS ... 194
    2.26 Process Improvement Plan: PCI DSS ... 196
    2.27 Responsibility Assignment Matrix: PCI DSS ... 198
    2.28 Roles and Responsibilities: PCI DSS ... 200
    2.29 Human Resource Management Plan: PCI DSS ... 202
    2.30 Communications Management Plan: PCI DSS ... 204
    2.31 Risk Management Plan: PCI DSS ... 206
    2.32 Risk Register: PCI DSS ... 208
    2.33 Probability and Impact Assessment: PCI DSS ... 210
    2.34 Probability and Impact Matrix: PCI DSS ... 212
    2.35 Risk Data Sheet: PCI DSS ... 214
    2.36 Procurement Management Plan: PCI DSS ... 216
    2.37 Source Selection Criteria: PCI DSS ... 218
    2.38 Stakeholder Management Plan: PCI DSS ... 220
    2.39 Change Management Plan: PCI DSS ... 222
    3.0 Executing Process Group: PCI DSS ... 224
    3.1 Team Member Status Report: PCI DSS ... 226
    3.2 Change Request: PCI DSS ... 228
    3.3 Change Log: PCI DSS ... 230
    3.4 Decision Log: PCI DSS ... 232
    3.5 Quality Audit: PCI DSS ... 234
    3.6 Team Directory: PCI DSS ... 237
    3.7 Team Operating Agreement: PCI DSS ... 239
    3.8 Team Performance Assessment: PCI DSS ... 241
    3.9 Team Member Performance Assessment: PCI DSS ... 243
    3.10 Issue Log: PCI DSS ... 245
    4.0 Monitoring and Controlling Process Group: PCI DSS ... 247
    4.1 Project Performance Report: PCI DSS ... 249
    4.2 Variance Analysis: PCI DSS ... 251
    4.3 Earned Value Status: PCI DSS ... 253
    4.4 Risk Audit: PCI DSS ... 255
    4.5 Contractor Status Report: PCI DSS ... 257
    4.6 Formal Acceptance: PCI DSS ... 259
    5.0 Closing Process Group: PCI DSS ... 261
    5.1 Procurement Audit: PCI DSS ... 263
    5.2 Contract Close-Out: PCI DSS ... 265
    5.3 Project or Phase Close-Out: PCI DSS ... 267
    5.4 Lessons Learned: PCI DSS ... 269
    PCI DSS and Managing Projects, Criteria for Project Managers ... 271
    1.0 Initiating Process Group: PCI DSS ... 272
    1.1 Project Charter: PCI DSS ... 274
    1.2 Stakeholder Register: PCI DSS ... 276
    1.3 Stakeholder Analysis Matrix: PCI DSS ... 277
    2.0 Planning Process Group: PCI DSS ... 279
    2.1 Project Management Plan: PCI DSS ... 281
    2.2 Scope Management Plan: PCI DSS ... 283
    2.3 Requirements Management Plan: PCI DSS ... 285
    2.4 Requirements Documentation: PCI DSS ... 287
    2.5 Requirements Traceability Matrix: PCI DSS ... 289
    2.6 Project Scope Statement: PCI DSS ... 291
    2.7 Assumption and Constraint Log: PCI DSS ... 293
    2.8 Work Breakdown Structure: PCI DSS ... 295
    2.9 WBS Dictionary: PCI DSS ... 297
    2.10 Schedule Management Plan: PCI DSS ... 300
    2.11 Activity List: PCI DSS ... 302
    2.12 Activity Attributes: PCI DSS ... 304
    2.13 Milestone List: PCI DSS ... 306
    2.14 Network Diagram: PCI DSS ... 308
    2.15 Activity Resource Requirements: PCI DSS ... 310
    2.16 Resource Breakdown Structure: PCI DSS ... 312
    2.17 Activity Duration Estimates: PCI DSS ... 314
    2.18 Duration Estimating Worksheet: PCI DSS ... 316
    2.19 Project Schedule: PCI DSS ... 318
    2.20 Cost Management Plan: PCI DSS ... 320
    2.21 Activity Cost Estimates: PCI DSS ... 322
    2.22 Cost Estimating Worksheet: PCI DSS ... 324
    2.23 Cost Baseline: PCI DSS ... 326
    2.24 Quality Management Plan: PCI DSS ... 328
    2.25 Quality Metrics: PCI DSS ... 330
    2.26 Process Improvement Plan: PCI DSS ... 332
    2.27 Responsibility Assignment Matrix: PCI DSS ... 334
    2.28 Roles and Responsibilities: PCI DSS ... 336
    2.29 Human Resource Management Plan: PCI DSS ... 338
    2.30 Communications Management Plan: PCI DSS ... 340
    2.31 Risk Management Plan: PCI DSS ... 342
    2.32 Risk Register: PCI DSS ... 344
    2.33 Probability and Impact Assessment: PCI DSS ... 346
    2.34 Probability and Impact Matrix: PCI DSS ... 348
    2.35 Risk Data Sheet: PCI DSS ... 350
    2.36 Procurement Management Plan: PCI DSS ... 352
    2.37 Source Selection Criteria: PCI DSS ... 354
    2.38 Stakeholder Management Plan: PCI DSS ... 356
    2.39 Change Management Plan: PCI DSS ... 358
    3.0 Executing Process Group: PCI DSS ... 360
    3.1 Team Member Status Report: PCI DSS ... 362
    3.2 Change Request: PCI DSS ... 364
    3.3 Change Log: PCI DSS ... 366
    3.4 Decision Log: PCI DSS ... 368
    3.5 Quality Audit: PCI DSS ... 370
    3.6 Team Directory: PCI DSS ... 373
    3.7 Team Operating Agreement: PCI DSS ... 375
    3.8 Team Performance Assessment: PCI DSS ... 377
    3.9 Team Member Performance Assessment: PCI DSS ... 379
    3.10 Issue Log: PCI DSS ... 381
    4.0 Monitoring and Controlling Process Group: PCI DSS ... 383
    4.1 Project Performance Report: PCI DSS ... 385
    4.2 Variance Analysis: PCI DSS ... 387
    4.3 Earned Value Status: PCI DSS ... 389
    4.4 Risk Audit: PCI DSS ... 391
    4.5 Contractor Status Report: PCI DSS ... 393
    4.6 Formal Acceptance: PCI DSS ... 395
    5.0 Closing Process Group: PCI DSS ... 397
    5.1 Procurement Audit: PCI DSS ... 399
    5.2 Contract Close-Out: PCI DSS ... 402
    5.3 Project or Phase Close-Out: PCI DSS ... 404
    5.4 Lessons Learned: PCI DSS ... 406
    Index ... 408

    CRITERION #1: RECOGNIZE

    INTENT: Be aware of the need for change. Recognize that there is an unfavorable variation, problem or symptom.

    In my belief, the answer to this question is clearly defined:

    5 Strongly Agree

    4 Agree

    3 Neutral

    2 Disagree

    1 Strongly Disagree

    1. Does an accountant in the automobile industry need to know about PCI DSS?

    <--- Score

    2. Why does your business need to be PCI Compliant?

    <--- Score

    3. Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum?

    <--- Score

    4. What would happen if PCI DSS weren’t done?

    <--- Score

    5. PCI compliance that will need to be accounted for?

    <--- Score

    6. Does everyone in your large mail group really need to see your response?

    <--- Score

    7. What is personally identifiable information?

    <--- Score

    8. Who needs to be compliant?

    <--- Score

    9. Who needs to be compliant with the PCI DSS?

    <--- Score

    10. If you use
