Monthly Archives: March 2009

NEWS FLASH: RBS WorldPay and Heartland Dropped from CISP Compliant List

You’ve probably seen the story by now… it’s out there. Here is one link, and you can likely find MANY others. Here’s my question. If they are taking them off the list versus leaving them under review, are they saying that they never should have been certified in the first place? And if they are saying that, doesn’t this mean they are declaring shenanigans on the review by the QSA of record? Do I sense a trickle-down effect here? ...


Sanity DOES Exist!

I know, it seems rare when we find it. I would have been hauled off a long time ago and locked in the loony bin if I had stopped down every insane security discussion I was having by screaming SERENITY NOW! I spoke with a retailer this morning that started a conversation with “We do security in an unconventional way.” At this point, my finger is moving toward the giant eject button I carry with me for situations just like this. Think about the “Easy Button,” but instead of easy, it says EJECT and flies me far, far away. Then the individual surprises me and says, “We treat our network as compromised instead of trusted, and adjust our security practices and ...


Time to get caught up!

I’ve been lazy lately. Well, not lazy, just busy. I forgot to put up links to the Feb edition of Herding Cats! This one is entitled Cloud Computing is Heavy, where I throw a little spin on the security of Cloud Computing. Fun stuff. Also, look for an upcoming surprise in the next issue of the ISSA Journal!


The Problem with PCI

Uh oh, is he really going to go there? No way… he can’t go there! YES! HE IS GOING THERE! One thing that cracks me up about reading blogs on PCI is the massive number of individuals who have no idea what they are talking about. Just like that vendor you run into at RSA that says “I SOLVE ALL PCI PROBLEMS! I AM A SILVER BULLET,” there are those out in the blogosphere that throw out claims without substance and pure drivel. Some even do it so well that the media will run with the claim. Like the so-called “second processor breach” of last month. Actually, that makes me laugh more! There have been people that argue ...


PCI Council releases Prioritized Approach for v1.2

Sometime over the last two days, the PCI Security Standards Council released their Prioritized Approach guideline for implementing PCI v1.2. Go download it and take a look. This document is probably useful for a merchant who has never heard of PCI. It details the priority they believe merchants should assign to every PCI Requirement and places them into one of six buckets. For those merchants and service providers that are currently working through their gaps, or are already compliant, this spreadsheet will probably not be useful. The danger with this document is that it makes sweeping assumptions that every organization is the same, and therefore should prioritize the same. The provided spreadsheet is locked, so if you want to customize ...


Funny how??!

I’m too tall to even come close to pulling off Joe Pesci. So just think about the scene in Goodfellas where Tommy DeVito is pulling Henry Hill’s leg in the restaurant. How am I funny?! Anyway, if you are looking at my blog and you see a little badge on the upper right with a link to the Social Security Award and are wondering what that funny business is, I’ll tell ya! The Security Blogger Meet-Up at RSA is coming soon, and they are going to have some awards this year! There are five awards that will be given out. They are: Best Security Podcast – Who is the voice you listen to week after week? Best Technical Security Blog ...
