Monthly Archives: September 2010

Full Review of the 2010 PCI Community Meeting

Note: After my last post, I received a phone call giving me permission to fill in the blanks. So here’s what I really wanted to say! It’s almost like a Mad Lib. In fact, you should try that with the last post; I bet it would be fun! PCI 2.0 is just around the corner, and what better way to discuss it than by reviewing the PCI Community Meeting that just wrapped in Orlando! Much of the information we received was classified as confidential or embargoed, so unless you are a stakeholder (like a Participating Organization, QSA, ASV, or described by any other of the acronyms we have come to love) you are missing out. Of course, the first thing we ...

Review of the 2010 ____ ____ Meeting

PCI 2.0 is just around the corner, and what better way to discuss it than by reviewing the ____ ____ ____ that just wrapped in ____! Much of the information we received was classified as confidential or embargoed, so unless you are a stakeholder (like a ____ ____, ____, ____, or described by any other of the acronyms we have come to love) you are missing out. Of course, the first thing we all heard was the ban on social media. Ironically, there was a press table in the back, so I’m not sure what those guys are going to be able to do with the info if they cannot write about it. Anyway, here’s my take: Wednesday’s session kicked ...

MasterCard Service Provider Registration Explained

MasterCard released (or re-released) a guide on how to become a registered and approved Member Service Provider (MSP) as a requirement to be listed as a compliant MasterCard Service Provider. The PDF linked above has a detailed process for completing this, including two major tasks spread out over several days. The first step is to apply for and receive your user ID under the MasterCard Registration Program. After you complete the six-step process outlined in the PDF, you take a week’s vacation (or just wait five to seven business days). Once you get your ID, just run through the second set of five steps (though that last one is a doozy) and take another short vacation (or again, wait ...

How Desktop as a Service (DaaS) Can Benefit You

Among all the fancy “as a service” cloud acronyms, one that is particularly interesting to me is Desktop as a Service (DaaS). It seems like most information workers have a personal device and internet connection for their intertube browsing needs—many of those personal devices easily outperforming their corporate-issued brethren. So why do corporations insist on issuing laptops to road warriors when many of us end up carrying multiple devices (even if one of those is an iPad)? One big reason why I see this being an issue is support. IT support centers cannot be expected to efficiently troubleshoot problems on machines where they are unfamiliar with the build (i.e., non-standard builds or non-gold builds). Anyone out there who ...

Do You Know Your IT?

This post is mostly going to apply to smaller companies, as I would HOPE (tongue in cheek a bit here) that larger merchants wouldn’t have this problem. Small- and medium-sized businesses (SMBs) have more advanced software tools available to them today than ever before. Cloud-based solutions allow multi-million dollar software packages to be available to SMBs at affordable monthly subscription prices. This level of business analytics, automation, and intelligence can make a big difference in how a business competes. What once would take dedicated headcount can now be automated and scaled. But with great power comes great responsibility. SMBs that entrust their business or data to these third parties must invest time and effort to understand not only what ...

What’s the Value?

If you were to give someone the task of protecting a room that holds anywhere from $10,000 to $100,000 in cash, the yearly spend to protect that room (in basic risk management theory) should not exceed the Annualized Loss Expectancy (ALE). ALE is a simple representation that contains an extremely complex portion of applied mathematics called probability: ALE = Impact of the event in dollars × Probability of that event occurring on an annualized basis.¹ Why is this complex? How hard is it to multiply a couple of numbers together? Imagine if someone tried to explain the complex dynamics of football to you by saying, “Well, the person that scores the most wins the game.” That’s, of course, technically correct, ...

Herding Cats September, Trusting Trust

Have you checked out ISSA Connect yet? The next issue is up there with my column, Trusting Trust. What would we do without a little bit of trust? Our lives would certainly be much less convenient, and would have the potential to be more secure. If you are a member, log into ISSA Connect and join the discussion! Interact with great professionals globally as well as the authors that you enjoy reading every month. If you are not a member, sign up today!

August 2010 Roundup

What was popular in August? I personally closed out the month with a huge milestone, corrective surgery that should hopefully remove my requirement for glasses and contacts. I am in recovery, and can SORTA see this post, so I disclaim any responsibility for the content herein. Actually, I should probably do that for the whole blog. Here are the five most popular posts from last month: Why QSAs Should Not Be Your Security Partner. That’s right, folks. It’s time to separate your consultants from your assessors. Do you know what motivates QSAs? Here is an inside scoop on what goes on inside your QSA’s head, and why he doesn’t have your best interests in mind. Where’s the Breach? Is this the ...
