
Volume 4 - Hypothetical Case Studies - From Jane’s Flower Attic to Jane’s Flower Emporium (PCI DSS 4.0 edition)

  • 4.1 Volume Introduction
    • 4.1.1 Assumptions
  • 4.2 Jane’s journey - Step 1 - A small side business
    • 4.2.1 Jane’s Flower Attic (JFA) business
    • 4.2.2 Applying SAQ-B-IP using a cellular network connection to the payment device
      • 4.2.2.1 JFA Information Security Policy (simplified example)
  • 4.3 Step 2 - Jane’s Flower Boutique (JFB)
    • 4.3.1 JFB Network Security Control (NSC, e.g. firewall) standard
  • 4.4 Step 3 - Jane’s Flower Chain (JFC)
    • 4.4.1 Network level controls
    • 4.4.2 Identification and Authentication controls
    • 4.4.3 Physical security controls
    • 4.4.4 System level controls
    • 4.4.5 Application level controls
    • 4.4.6 Logging and Monitoring
    • 4.4.7 Testing
    • 4.4.8 Governance, Policies, Procedures
    • 4.4.9 Incident Response
  • 4.5 Step 4 - Jane’s Flower Emporium (JFE)
    • 4.5.1 JFE Organizational Structure
    • 4.5.2 Best-practice in information security governance - Information security separate from IT
    • 4.5.3 Payment transactions
    • 4.5.4 Card present payments in stores and at delivery
    • 4.5.5 Customer Service and MOTO transactions
    • 4.5.6 eCommerce
    • 4.5.7 The Information Security Program (based on ISO 27002)
    • 4.5.8 JFE’s Risk Assessment
      • 4.5.8.1 Step 1 (PREPARE / Establish a risk context)
      • 4.5.8.2 Step 2 (CONDUCT / Assess Risk)
      • 4.5.8.3 Step 3 (COMMUNICATE / Respond to Risk)
      • 4.5.8.4 Step 4 (MAINTAIN / Monitor Risk over time)
  • End Notes - Volume 4