The Definitive Guide to PCI Dss Version 4: Documentation, Compliance, and Management
暫譯: PCI DSS 4.0 完整指南：文件、合規性與管理

這本書是您達成 PCI 合規性的首選參考資料。更新後的 PCI 數據安全標準 (PCI DSS) v4.0 包含超過 400 項 PCI 要求，但並未詳細說明 PCI 審核員（稱為合格安全評估師，Qualified Security Assessor, QSA）需要了解的具體文件。本書是第一本詳細說明每項 PCI 要求所需具體文件的參考資料。作者提供了遵循 12 項主要 PCI 要求的實際案例，並釐清了 PCI DSS 中的許多灰色地帶。

任何存儲、處理或傳輸信用卡數據的商家或服務提供商都必須遵守 PCI 數據安全標準。PCI DSS 1.0 於 2004 年首次發布，但許多負責 PCI 合規性的人在試圖理解它時仍然遇到困難。PCI DSS 版本 4 於 2022 年 3 月發布，長達 360 頁，增加了許多新要求，讓許多人在了解他們需要做什麼以達成合規時感到困惑。

PCI DSS v4.0 有一個過渡期，在此期間 PCI DSS 版本 3.2.1 將在 v4.0 發布日期後的兩年內保持有效。雖然過渡期將於 2024 年 3 月 31 日結束，似乎還有一段時間，但負責 PCI 合規性的人將需要充分利用這段時間來熟悉 PCI v4.0 帶來的許多新更新、模板、表單等。

您將學到的內容：

- 知道達成 PCI 合規性所需的條件
- 理解並實施 PCI DSS 中的內容
- 消除持卡人數據
- 有關劃分持卡人數據網絡所需了解的一切
- 知道您在 PCI 合規性工作中所需的文件
- 利用實際經驗協助 PCI 合規性工作

本書的讀者對象：

合規經理及負責 PCI 合規性的人員、資訊安全經理、內部審計員、首席安全官、首席技術官和首席資訊官。讀者應對信用卡支付網絡的運作有基本了解，並具備基本的安全概念。

Arthur B. Cooper Jr. ("Coop") is Principal Security Consultant at TrustedSec. He has 44 years of experience in information technology with the last 17 years focused on the security of payment systems and architectures, ecommerce, payment application assessments, forensic investigations, compliance security assessments, development of secure network architectures, risk management programs, security governance initiatives, and regulatory compliance. Coop was a member of the US Air Force for most of his young adult life and had direct experience with the original ARPANET and ARPANET 1822 Protocols. He was directly involved with the original DoD X.25 networks, the Defense Data Network (DDN), and the Automatic Digital Information Network (AUTODIN). He was directly involved with the original BBN Packet Switch Node (PSN) systems and has witnessed every major information technology "leap" or development since that time.

Coop was the Standards Trainer for the Payment Card Industry Security Standards Council (PCI SSC) for three years from 2010 to 2013 and has been a consultant to some of the largest retail companies and financial institutions in the world. He has worked with businesses to improve their overall security posture and to meet compliance regulations such as PCI, HIPAA, GLBA, and SOX. Coop is an experienced team leader and IT security expert who can ensure timely and successful completion of projects, as well as an enthusiastic security engineer researching emerging security technologies, trends, and tools. His certifications include: Security +, CEH, CISA, CDPSE, CISSP, PCIP, and PCI QSA.

Jeff Hall is Principal Security Consultant at Truvantis, Inc. He has over 30 years of technology and compliance project experience. Jeff has done a significant amount of work with financial institutions, and the health care, manufacturing, and distribution industries, including security assessments, strategic technology planning, and application implementation. He is part of the PCI Dream Team and is the writer of the PCI Guru blog, the definitive source for PCI DSS information.

David Mundhenk is Principal Security Consultant at the Herjavec Group, as an information security, governance, risk, and compliance consultant with extensive multi-organizational experience providing a myriad of professional security services to business and government entities worldwide. He has worked as a computer and network systems security professional for more than 30 years. David's experience covers a broad spectrum of security disciplines, including security compliance assessments, security product quality assurance, vulnerability scanning, penetration testing, application security assessments, network and host intrusion detection/prevention, disaster and recovery planning, protocol analysis, formal security training instruction, and social engineering. He has successfully completed 200+ PCI DSS assessments, and scores of PA-DSS assessments.

Ben Rothke, CISSP, CISM, CISA is a New York city-based Senior Information Security Manager with Tapad and has over 20 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography, and security policy development. Ben is the author of the book Computer Security - 20 Things Every Employee Should Know, and writes security and privacy book reviews for the RSA Conference blog and Security Management. He is a frequent speaker at industry conferences, such as RSA and MISTI, is a member of ASIS, and InfraGard, and holds many security certifications, besides being an ISO 27001 lead auditor.

Arthur B. Cooper Jr.（「Coop」）是TrustedSec的首席安全顧問。他在資訊科技領域擁有44年的經驗，最近17年專注於支付系統和架構的安全性、電子商務、支付應用評估、法醫調查、合規安全評估、安全網路架構的開發、風險管理計畫、安全治理倡議以及法規遵循。Coop在年輕時期大部分時間都是美國空軍的成員，並且對原始的ARPANET和ARPANET 1822協議有直接的經驗。他直接參與了原始的國防部X.25網路、國防數據網路（DDN）和自動數位資訊網路（AUTODIN）。他直接參與了原始的BBN封包交換節點（PSN）系統，並見證了自那時以來每一個主要的資訊科技「飛躍」或發展。

Coop在2010年至2013年間擔任支付卡產業安全標準委員會（PCI SSC）的標準培訓師，並且為一些全球最大的零售公司和金融機構提供顧問服務。他與企業合作以改善其整體安全姿態，並滿足如PCI、HIPAA、GLBA和SOX等合規法規。Coop是一位經驗豐富的團隊領導者和IT安全專家，能夠確保專案的及時和成功完成，同時也是一位熱情的安全工程師，研究新興的安全技術、趨勢和工具。他的證照包括：Security +、CEH、CISA、CDPSE、CISSP、PCIP和PCI QSA。

Jeff Hall是Truvantis, Inc.的首席安全顧問。他擁有超過30年的技術和合規專案經驗。Jeff在金融機構以及醫療保健、製造和分銷行業中做了大量的工作，包括安全評估、戰略技術規劃和應用實施。他是PCI夢想團隊的一員，也是PCI Guru部落格的撰寫者，該部落格是有關PCI DSS資訊的權威來源。

David Mundhenk是Herjavec Group的首席安全顧問，作為資訊安全、治理、風險和合規顧問，擁有廣泛的多組織經驗，為全球的商業和政府實體提供各種專業安全服務。他在計算機和網路系統安全領域工作了超過30年。David的經驗涵蓋了廣泛的安全學科，包括安全合規評估、安全產品質量保證、漏洞掃描、滲透測試、應用安全評估、網路和主機入侵檢測/預防、災難和恢復計畫、協議分析、正式安全培訓指導以及社會工程。他成功完成了200多次PCI DSS評估，以及數十次PA-DSS評估。

Ben Rothke，CISSP、CISM、CISA，是一位位於紐約市的高級資訊安全經理，任職於Tapad，擁有超過20年的資訊系統安全和隱私行業經驗。他的專業領域包括風險管理和緩解、安全和隱私法規問題、系統安全的設計和實施、加密、密碼學以及安全政策的發展。Ben是書籍《Computer Security - 20 Things Every Employee Should Know》的作者，並為RSA Conference部落格和Security Management撰寫安全和隱私書評。他經常在行業會議上發言，如RSA和MISTI，是ASIS和InfraGard的成員，並持有多項安全證照，此外還是ISO 27001的首席審核員。