Monthly Archives: April 2014

Lizard Brain and Surprise Reactions

Have you ever had a moment in your life where you made what you thought was an innocent comment or asked a simple question, but were met with a verbally violent response? This has happened multiple times in my career, going back to the PCI DSS assessment days, to living in management, to even personal interactions with individuals. Admittedly, my brain-to-mouth filter has been maturing over the years—so in some respects that may have been to blame. But recently, I started analyzing these responses and situations when they happened. Kind of a “how did I get here and what should I do now” analysis. Let’s explore what I have learned. Let’s discuss the concept of Lizard Brain. This is ...


MasterCard Offers Incident Response Planning Webinar

Requirement 12.10 has been present in all versions of PCI DSS and in earlier versions of the CISP standard, yet clearly people either struggle with meeting the requirement or with executing an incident response plan. MasterCard announced yesterday a new, upcoming webcast that delves into the details behind requirement 12.10 in PCI DSS 3.0. It’s free, so go register! In the meantime, I have a few older posts around incident response that you might enjoy. Check them out!
The Apple Incident Compliant Compromise (Guest post by Frank Castaneira)
Boss, I Think Someone Stole our Customer Data
Contracts & PCI (Guest post by David Navetta)
Man Up MDs!
Enjoy! ...


Heartbleed and Passwords

Right around this same time last week there was a flurry of activity for those responsible for deployments leveraging OpenSSL. Yep, I’m talking about Heartbleed. So after we go through all of the patching and re-keying, it’s now time to consider password changes. This post isn’t about Heartbleed; it’s about passwords and what the bad guys already know. Melanie Pinola from Lifehacker wrote a very interesting piece on Friday about how our password tricks don’t fool the modern hacker. I’m not sure what happened to recommendation number 3 in her piece, but 1, 2, and 4 are spot on. What’s the solution? Ultimately it comes down to using some software to help you out. Password managers are now built into some ...
