Stay Classy, San Diego!

2011 is in the books, and we’re looking ahead to what promises to be an interesting year for everyone. Economic uncertainty promotes crime, and more of our assets are migrating to an electronic medium every day. We saw big breaches. BIG breaches. Hacktivism and state-sponsored cyber-warfare led the pack on the biggest and most devastating breaches of 2011.

This year we talked about PCI DSS as we normally do, but later in the year we made a decided shift in our focus to security—something I hope anyone dealing with PCI DSS has already done. I think you all liked the shift as well, considering the top four were written in the last half of the year.

Here are the top posts from last year:

  1. Attack the Humans First. Even though this post was written in mid-October, it took the top spot by almost double the next one on the list. Social engineering isn’t new, but it consistently proves its usefulness as technical controls get tighter. The attackers are changing their focus, and we’re not changing fast enough to combat them. Check out this post that goes through the human element of information security.
  2. Where is your Chaos Monkey? I was inspired by an HBR article that touched on the IT function of a company and thought that this would apply directly to Information Security. Netflix has a Chaos Monkey, but do you? Should you? If we are to be in a state of readiness, we certainly need one.
  3. PCI Council Revokes QSA Status (Finally?). Anyone who has had the pleasure of working with a QSA at some point in their career has an opinion on them—and most are unfavorable in nature. This year was the first time we saw a public display associated with a QSA’s status changing. QSAs have come and gone, but this one sent ripples.
  4. Visa Kills PCI Assessments and Wants Your Processor to Support EMV. Visa made big moves toward promoting the deployment of, and investment in, EMV here in the US. Those of you reading from Europe or Canada are probably thinking, “Jeez, it’s about time.” In order to get companies to think about adopting this technology, Visa had to create some kind of incentive. Did they inadvertently call for the end of PCI Assessments? Visa threw out some new timelines and program details that you need to know about. There are several posts on the topic, but you should definitely also read this one with the final word.
  5. Seven Deadly Sins of a QSA. Boy, this was a fun one to write. What started as a rant turned into a presentation that I gave in late 2010. 7,000 words later, we have this exposé on the top goofs that QSAs make. It’s worth the read for no other reason than to get a nice laugh at the expense of a few bad apples. You can download the entire article in one PDF here.

Thanks for stopping by!

This post originally appeared on