Categories Archives: Administration

November 2009 Roundup

Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month. If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month:

To New Beginnings. It was an epic run. Six years with the same company, seeing it through two acquisitions/divestitures, and working with some of the best in the industry to build a world class consulting organization makes you nostalgic. It was time to move on, and lots of folks were interested!

Will PCI Mandate the Use of Data Discovery Tools? Some views on the ups and downs that DLP and data discovery tools ...


To New Beginnings

Yep, it’s true. Today is my last day at AT&T/VeriSign where I’ve absolutely enjoyed the last six years of my career. I started thinking back to the last job I left. It was an internet service provider that was local to Dallas (long since gone belly up and litigated to pieces). It was my second job while building one of those small, two-man dot-com start-ups in the mid 1990s. I left the job in 1998 when we sold our startup. That’s just over eleven years ago! I’ve been with Guardent/VeriSign/AT&T for six years. Prior to that I was with the investment company that acquired our little startup in 1998 until management decided to unwind it. Things are moving fast. ...


October 2009 Roundup

Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month. If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month:

MasterCard/Visa Remove Reciprocity. This post details changes made on payment brand websites that appear to remove level reciprocity on merchants. Regardless of your level, most acquirers (or acquiring functions of payment brands) will accept a higher level of validation. You should not be forced to complete a ROC and SAQ, submitting only a ROC should suffice.

The Problem with Logging. Which kind of logging are you guilty of doing most? Over-logging? Under-Logging? Check ...


PCI Community Meeting, Vegas!

I hope to see many of you next week at the PCI Community Meeting in Las Vegas!  VeriSign will have a booth and is a sponsor for the event.  If you are going, please do stop by our booth and attend our sponsored cocktail hour!  We’ll have some goodies and some exciting news for everyone that stops to chat! At this point, I’m not sure what kind of coverage I’ll be able to provide from the meeting, but more on that soon. Before you arrive for the sessions, I urge you to review the myriad of information available on the PCI Security Standards Council website, including the recently published SIG papers, and prepare your questions.  This is your chance to ...


PCI Compliance Book!

We’re getting REALLY close.  All of the content is in, and the publisher is working toward production!  Anton & I have worked hard to bring you the most technically accurate and useful reference book to carry with you during all of your PCI DSS efforts.  You will notice that the book reads much better than the first edition, and we’ve included some GREAT case studies for you! Well, I think they are great anyway; I wrote almost all of them.  That was my favorite part of this process—writing the case studies.  In fact, I had to put off all case study writing to the end of each chapter and use it as my motivator to get through all of the ...


Webcast, on July 7, Maintaining PCI Compliance!

Please join me on July 7 for an informative webcast on Maintaining PCI Compliance! To register or attend, please go to: http://www.brighttalk.com/webcasts/4431/attend. Now that Level I merchants have undergone a few annual Payment Card Industry (PCI) assessments (and Level 2 merchants are soon to be doing the same), they are addressing the realization that a mature, sustainable compliance program requires more than once-a-year rallying to prepare for, participate in, and pass an assessment. Daily operational focus and ongoing effort are vital to protect investments in compliance, manage risk, and minimize the business disruptions and costs associated with achieving and demonstrating compliance year after year. This presentation discusses best practices for building a compliance program that can be supported and maintained ...
