Book Series

The goal of this book series is to provide a common understanding for business and technical people alike, and to provide a way for those people to communicate better about PCI DSS compliance, and information security in general. These books are not for dummies. I believe that PCI DSS can be explained to laymen if properly presented.

The [list of changes to the 4.0 edition](/book/40-changes) is available.


Physical Book

The physical paperback copy of the book, called PCI DSS Made Easy, is a compilation of the first 3 digital volumes. The physical books can be bought from Amazon (produced by CreateSpace, an Amazon subsidiary) in multiple countries worldwide.


Digital Volumes

The digital edition is available on the Amazon Kindle platform and on the Apple iBooks platform.

The first 3 volumes were initially released in 2015 for PCI DSS 3.1, and updated for PCI DSS 3.2 in summer 2016. Volume 4, written for PCI DSS 3.2, was released in July 2017. All volumes were later updated to version 3.2.1 in 2018. A major update (including rewritten portions) covering the changes in PCI DSS 4.0 followed in summer 2022.

The volumes are:

  1. The Business Case for PCI DSS - explains what PCI DSS is, where it comes from, and why it matters (TOC)

  2. PCI DSS Scoping - explains how scope is defined and documented (TOC)

  3. Building a PCI DSS Information Security Program - explains how organizations should approach the standard effectively and efficiently, and apply it to their in-scope environment (people, processes, and technology) (TOC)

  4. Hypothetical Case Studies - Follow the fictitious Jane Doe as she grows Jane’s Flower Attick into Jane’s Flower Emporium while never missing a beat on remaining compliant with PCI DSS (TOC)

Note: Amazon Kindle is a platform and not just a physical reader device. Kindle reader applications exist for iPhone/iPad, Android, PC, Mac, and even on the web. Apple iBooks is available on all Apple devices including iPhones, iPads and Mac computers.