Categories Archives: Administration

November 2009 Roundup

Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month. If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month: To New Beginnings. It was an epic run.  Six years with the same company, seeing it through two acquisitions/divestitures, and working with some of the best in the industry to build a world class consulting organization makes you nostalgic.  It was time to move on, and lots of folks were interested! Will PCI Mandate the Use of Data Discovery Tools? Some views on the ups and downs that DLP and data discovery tools ...

To New Beginnings

Yep, it’s true.  Today is my last day at AT&T/VeriSign where I’ve absolutely enjoyed the last six years of my career. I started thinking back to the last job I left. It was an internet service provider that was local to Dallas (long since gone belly up and litigated to pieces).  It was my second job while building one of those small, two man dot-com start-ups in the mid 1990s.  I left the job in 1998 when we sold our startup.  That’s just over eleven years ago! I’ve been with Guardent/VeriSign/AT&T for six years. Prior to that I was with the investment company that acquired our little startup in 1998 until management decided to unwind it. Things are moving fast.  ...

October 2009 Roundup

Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month.  If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month: MasterCard/Visa Remove Reciprocity. This post details changes made on payment brand websites that appear to remove level reciprocity on merchants.  Regardless of your level, most acquirers (or acquiring functions of payment brands) will accept a higher level of validation.  You should not be forced to complete a ROC and SAQ, submitting only a ROC should suffice. The Problem with Logging. Which kind of logging are you guilty of doing most?  Over-logging?  Under-Logging?   Check ...

PCI Community Meeting, Vegas!

I hope to see many of you next week at the PCI Community Meeting in Las Vegas!  VeriSign will have a booth and is a sponsor for the event.  If you are going, please do stop by our booth and attend our sponsored cocktail hour!  We’ll have some goodies and some exciting news for everyone that stops to chat! At this point, I’m not sure what kind of coverage I’ll be able to provide from the meeting, but more on that soon. Before you arrive for the sessions, I urge you to review the myriad of information available on the PCI Security Standards Council website, including the recently published SIG papers, and prepare your questions.  This is your chance to ...

Webcast, on July 7, Maintaining PCI Compliance!

Please join me on July 7 for an informative webcast on Maintaining PCI Compliance! To register or attend, please go to: http://www.brighttalk.com/webcasts/4431/attend. Now that Level I merchants have undergone a few annual Payment Card Industry (PCI) assessments (and Level 2 merchants are soon to be doing the same), they are addressing the realization that a mature, sustainable compliance program requires more than once-a-year rallying to prepare for, participate in, and pass an assessment. Daily operational focus and ongoing effort are vital to protect investments in compliance, manage risk, and minimize the business disruptions and costs associated with achieving and demonstrating compliance year after year. This presentation discusses best practices for building a compliance program that can be supported and maintained ...

Herding Cats and The Art of the Compensating Control

OK folks, two biggies from the April issue of the ISSA. The first is this month’s issue of Herding Cats entitled, Get Compliant on the Cheap, where I review some of the fantastic commentary provided at the end of last year by JD Smith, one of our esteemed PCI Consultants. The feature of the April journal is my article, The Art of the Compensating Control. I hope that this article helps to clear up some of the fog that clouds compensating controls. Hope you enjoy, and Happy Monday!

Hello Chicago!!

I’m sitting in the Starbucks (a.k.a., my mobile office with thousands of locations worldwide) on Ohio and State in Chicago preparing for our event this evening. I am moderating a round table discussion with some prominent industry experts around PCI, one of whom is the venerable security pundit Anton Chuvakin. If you have a minute, please go read his recent post from his panel in Denver last night. He posed a very interesting question that I think we will be posing to our audience tonight! Check it out!

Don’t forget to Vote!

The Bloggers at RSA are doing awards this year! The Social Security Awards need your nominations. Your nominations are due by March 31, so go vote now! As a reminder, what you need to do to vote is as follows. Go to the link above, then click Next. Under the Most Entertaining Security Blog, put my name, the URL (http://blogs.verisign.com/securityconvergence/) and that you think I’m WACKY!
