Monthly ArchivesDecember 2010

Five Ways to Get it Right from the START standard

I was sitting in one of my thousands of mobile offices yesterday (i.e., the Starbucks down the way to one of my new favorite local hang-outs) wrapping up the year1 and I couldn’t help but overhear the gaggle of ladies sitting at the table in front of me talking about negotiating some kind of credit card processing agreement for their new business. This was, of course, AFTER the extremely loud gift exchange. I think one of them might have been a gag gift, unless this nice middle aged lady really did want Cookin’ with Coolio for Christmas. I find his measurements hard to follow. How much is a “dime bag of salt” anyway? So picture this scene: It’s some kind ...

Continue Reading

Five things to do for PCI during the freeze standard

IT and security professional that work in the retail and banking space tend to go into lock down during the last half of November, all of December, and the first part of January. We’re all saying our little prayers, and doing whatever rituals we do to keep those systems running worry and breach free until the cash flows come back to normal. So what kinds of things can you do to be productive and prepare for 2011? Get on those quarterly scan results! Hopefully you got a clean scan right before the freeze happened, so you could spend this time planning for your next one to ensure you have clean execution and quick remediation for any items found. Examine data ...

Continue Reading

New PCI Services from EMC/RSA standard

EMC Corporation, in conjunction with EMC Consulting and RSA, announced expanded consulting services to assist companies with PCI Compliance, as a subset of our larger GRC and Information Security initiatives. The three new services are: PCI Program Strategy and Implementation – Organizations leveraging this service not only remedy their PCI compliance issues, but develop a security and compliance program that is aligned with business objectives. New services offered include program development and management, design of strategic frameworks for PCI program, assessment and development of processes and best practices, and PCI training to security teams, data owners, key stakeholders, and internal audit team. PCI Readiness Assessments – This service evaluates an organization’s current PCI DSS posture and helps develop a remediation ...

Continue Reading

Herding Cats December, Brave Old World standard

Have you checked out ISSA Connect yet? The next issue is up there with my column, Brave Old World. This one is all about bucking the trend, going against the grain, swimming up stream, and any other number of clichés that you might want to use. Much of what we are doing today is done without thinking strategically first—especially with respect to compliance initiatives like PCI DSS. If you are a member, log into ISSA Connect and join the discussion! Interact with great professionals globally as well as the authors that you enjoy reading every month. If you are not a member, sign up today!

Continue Reading

Physical Security begets Infosec Problems standard

Have you ever noticed how the things we do in the electronic security world mirror the things we do in the physical world? We deploy firewalls at our network perimeter like we put fences near our property lines. We make rules in firewalls to allow certain traffic through just like we have guards that allow authorized parties access to physical assets. In the physical world, visible security controls could take the form of an employee with a badge or a visitor that is escorted. It’s remarkably similar. But what about the bad side of security? You know, those dumb things that smart people do to cause incidents? Most corporate networks are incredibly flat and operate more like a university and ...

Continue Reading

November 2010 Roundup standard

What was popular in November? It was all about PCI 2.0 in November, I cooked for #BSidesDFW (check out my apron), and we discussed mixed-mode virtualization with respect to PCI DSS! Look for some fun PCI stuff this month as well! Here are the five most popular posts from last month: PCI DSS 2.0 Release and Review. For the second month in a row, this post took the number 1 spot. This one is two years in the making, and the next one won’t happen for three more years. I threw together a few notes along with links to the document. Scoping Fun with PCI DSS 2.0. How do you know what you need to do for PCI DSS unless ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!