The Payment Card Industry Data Security Standard (PCI DSS) isn’t dramatically different to the requirements of the Best Practice Security Standard – ISO27001, except that PCI doesn’t mention any of the prerequisites required for a management framework, e.g. management commitment and ongoing improvement plans, whereas ISO27001 leaves alone a lot of the detail around how controls are actually implemented. So, therefore, one could be forgiven for believing that MasterCard and Visa assumed PCI would be additional security requirements to sit on top of an already established information security management system (ISMS).

There is no getting away from the fact that this is good news for industry as a whole. Any new ...

Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.