Monthly Archives: November 2010

What about Mobile Payments?

Thanks to a reader who gave me an idea for a blog post! You can suggest your own topics here. Mobile payments means a lot of things to a lot of people. Is it paying for things with that fancy iPhone app? Is it a Wi-Fi or cellular linked payment terminal? Is it paying for things with your cell phone using either an SMS-based payment or a Near-Field Communication (NFC) transaction? For the purposes of this post, I want to focus solely on SMS-Based or NFC transactions that would originate from the buyer’s cell phone. AT&T, T-Mobile, and Verizon announced last week the formation of ISIS, a mobile payment network that looks to capitalize on the per-transaction revenue that can ...

Happy Thanksgiving, and Travel Tips!

First off, Happy Thanksgiving to everyone! If you are traveling today, here are a few tips that have served me well over the years. Read your airline’s policy on carry-on bags (size and weight) BEFORE you pack. Carry everything on if you can. Convert large liquid toiletries into small travel sizes for your trip. Ship anything bulky or any large quantities of liquids instead of bringing them on the plane. Research the airport layout and probable location for your departure gate so you know exactly where to go, how to get there, and nearby food and drink options. If you are not checking a bag, check in online the day before (within 24 hours of departure) and ensure your seat selection ...

PCI SSC Releases 2.0 Versions of SAQs

Man, I’m falling into the EMC culture nicely. It’s an acronym-laden Friday (INSANE IN THE MEMBRANE)! Last night I received an email from the PCI SSC PR team about the new Self-Assessment Questionnaires. You can get them here. While they were not released on the same day as the 2.0 version of PCI DSS, they were quickly ushered out the door. Kudos to the Council for getting these done in a timely manner! I know I’ve had NUMEROUS questions from the 7+ million merchant community that deals with SAQs over the last three weeks on the pending release of these. One of the biggest adjustments to the SAQ process is the recognition (or segmentation, maybe) of the virtual terminal. If ...

Mixed Mode and PCI DSS 2.0

One way to get the spidey sense of a savvy security professional tingling is to mention the use of “Mixed Mode” virtualization in some kind of IT initiative related to compliance. Companies are trying to figure out how to build security into their virtualized environments in a way that will cover themselves from both a security and compliance perspective, and the industry in general is quite divided over this issue. Mixed mode, in the context of this post, is a term used to describe a virtual infrastructure that hosts both guests with PCI DSS data on them and those without. Before we delve into the issues associated with the security concerns here, let’s level-set. PCI DSS, in its purest sense, is ...

Silverado Wrap

It takes a massive tortilla to make a Silverado Wrap, but here’s a recipe on how you do it. First, start with a blogger. Next, give the blogger a 2011 Chevrolet Silverado. Finally, wrap it up in a giant tortilla with some videos, blog posts, Twitter and Facebook comments, and enjoy! Here’s what we got when I was the key ingredient above (blogger): The Silverado Extended Cab… uh… CAB! How big is this thing? Check out the kids in the back! Being a Good Samaritan. Calling OnStar is not only for when you get in a crash! See how I used it to call in a road hazard. Off to the Fair! We loaded up the kids and headed down ...

Herding Cats November, Is there an App for This?

Have you checked out ISSA Connect yet? The next issue is up there with my column, Is there an App for This?. What happens when you push your customer experience into a smartphone? It’s a question that is asked in two different camps—starting with the business and marketing sides and ending with the security teams. Many phones are extremely forensic friendly, and a physical theft could easily lead to full identity theft. If you are a member, log into ISSA Connect and join the discussion! Interact with great professionals globally as well as the authors that you enjoy reading every month. If you are not a member, sign up today!

Where is Cloud in PCI DSS 2.0?

It doesn’t take a keen observer to notice that the term cloud doesn’t even exist in PCI DSS 2.0. In fact, the “Find” feature will do that for you. Sure, strides were made to include Virtualization into the fold (in spite of many individuals arguing you don’t need to include it, just apply the standard to it), but that is only the first of many steps on the journey to the cloud. If you are on the very front edge of the cloud transformational wave, you may have had to discuss how you use cloud with your QSA. My bet? It was a painful discussion that left both parties leery of the other. My comments in this month’s Digital ...

October 2010 Roundup

What was popular in October? We saw the PCI Security Standards Council release PCI 2.0, I became a shill for Chevrolet (ending Nov 8) and posted a link to my flying blog, I am cooking at #BSidesDFW, and I was on TV! Running around D/FW doing missions for Chevy in the Silverado was fun, but alas, I return the truck on Friday. Here are the five most popular posts from last month: PCI DSS 2.0 Release and Review. This one is two years in the making, and the next one won’t happen for three more years. I threw together a few notes along with links to the document. Full Review of the 2010 PCI Community Meeting. This one held the ...
