Monthly Archives: August 2009

PCI DSS Goes v1.2.1

Don’t worry, you don’t need to tear up your existing compliance assessment. Troy Leach recently alerted the world, via press release, that PCI DSS version 1.2.1 is now the most recent version of PCI DSS, though he states, “As there are no changes to the intention or requirements of the DSS, your compliance programs will be unaffected by the change from DSS 1.2 to DSS 1.2.1.” This change is minor in nature, and does not constitute a new version per the PCI Lifecycle document released earlier this year. Most of the changes are typos or alterations in the document, some based on new policies or fees. Let’s walk through the changes. Three documents were modified with this new version. For PCI ...


Visa Sets Payment Application Security Mandates

As many of us in the industry had suspected, Visa has delayed its payment application security mandates two years to 2010 (newly boarded merchants) and 2012 (all merchants). The information was officially released on June 24, but I certainly did not see any public reference to it until recently. This is rumored to be largely in response to a low supply and high demand issue in the fuel industry. So those of you that were dealing with unrealistic deadlines, you’ve got a reprieve! Keep pushing though, don’t be one of those guys limping in at the eleventh hour!


Featured on the SecureLexicon Podcast

Steven Fox, blogger for CSO Online and fellow columnist in the ISSA Journal, interviewed me for his Art of War Podcast where I discuss the parallels between Sun Tzu’s teachings and PCI Compliance. Of the podcasts I’ve done, this one was particularly fun for me because I had to grab my Art of War book off the shelf and study up for it! Sun Tzu’s teachings apply to PCI and Information Security (it is a war, people) when you read his book in the light of an information security perspective. Go check out Steven’s column in the Journal, his excellent podcast, and Sun Tzu’s Art of War!


How PCI Can Ruin You

No, this is not one of those posts poo-pooing PCI because it is the popular thing to do. But after my marathon writing sessions working on the book, I started to think about all the customers that I had visited over the years, and all the problems I have seen, and how even today the problems that come up are essentially caused by common root issues. BTW, I’m hoping you guys all LOVE the case studies. Some of you readers might even be business owners or playing a part in them! That was, by far, my favorite part of writing the book. Maybe I’ll try some bad fiction writing next? (FAIL) Anyway, one of the things that the information security ...
