
Facebook isn’t Professional Networking

I was checking into the happenings on Facebook last night and had a very strange request come up. Someone that I know and respect sent me a request through a product called BranchOut. While their about page does more to confuse than to clarify, what I understand it to be is a way to create a professional network of contacts with Facebook—or in easier terms, think about LinkedIn-type functionality sitting on top of your Facebook network of contacts. Frankly, this is a terrible idea. For those of us that use social media in our jobs, we tend to have things we keep professional (LinkedIn or Facebook Page), things we have that are personal (Facebook personal profile), and things we make ...


Herding Cats: Trust in the System (September 2011)

It’s September, and you know what that means! It’s time for another edition of Herding Cats! Last month’s, entitled “Walk that Walk,” is available here, and this month’s edition is titled Trust in the System. For regular readers, you might wonder why I am not talking about ISSA Connect and reading it over there. This month there was so much good stuff in the ISSA Journal, that my column didn’t make the cut. But I spent time writing it, and I’m not breaking my streak! DO take the time to go check out the articles on ISSA Connect this month, though, as there are quite a few great ones to comment about. Also, if you are not a member, join ...


Visa Kills PCI Assessments and Wants Your Processor to Support EMV

Visa made a few new changes public yesterday on their Key Program Dates for their Cardholder Information Security Program. It’s been a Visa heavy month as we watch them push EMV here in the US. Two other posts you should read: “Chip and PIN on the Way” and “Why Visa’s TIP Doesn’t Matter (to you).” Now, what did Visa announce yesterday? It looks like the Technology Innovation Program (TIP) is coming to the US. But as you already know (because you read the second post above), this doesn’t matter to you. From this release: Effective 1 October 2012, Visa will expand the Technology Innovation Program (TIP) to the U.S. TIP will eliminate the requirement that eligible merchants annually validate their compliance ...


PCI Council Revokes QSA Status (Finally?)

You readers know that I used to run one of the larger QSAs, and I took pride in the team we built, the work we did, and what our customers said about our experience. Yes, we actually had customers tell us that they LIKED their QSA. How rare is that today? Since getting out of that business, I have spent quite a bit of time helping my customers operate more securely, and in conjunction with that, comply with various standards like PCI DSS. The only time I’ve heard more colorful language describing someone is when my wife screams at the TV during football. BARELY more colorful. Earlier this month, the PCI SSC announced they were revoking the QSA and PA-QSA ...


Why Visa’s TIP Doesn’t Matter

On Thursday, I posted about a memo released by Visa, Inc. last week discussing the acceleration of EMV adoption. There is much buzz going on right now as merchants now have a false sense of hope. PCI Assessments aren’t going anywhere any time soon. Why? One of the fundamental rules about PCI DSS is that you are dealing with five competing payment brands that handle their own enforcement. This means that as a merchant you can be a different level with a different payment brand, which may or may not affect how you validate compliance. A move by any one payment brand does not necessarily represent all five brands, nor does it guarantee that you will see the effects in ...


PCI Board of Advisors Voting Open!

If you are a participating organization or other stakeholder in the PCI Security Standards Council, you should have received your voting ballot for the next Board of Advisors today. RSA is listed as one of the vendors, and I hope that we contribute enough value to the security community to be considered one of your top three! Voting closes on Friday, April 8.


Where’s the Breach?

All we need to top off this post is a little old lady screaming “Where’s the Breach?” God bless 80’s marketing. A merchant out of Austin, Texas is claiming that a breach in their network came from Heartland Payment Systems (HPS), thus it must be their fault. While I am sure this is not the first merchant to be caught off guard, he’s certainly a creative one. Our culture in America seems to relish deflecting blame from oneself on to others. Why, it couldn’t be me, it must be that guy over there. What’s interesting about this particular case is that the quotes in the article are being interpreted in a manner that is inconsistent with these kinds of breaches ...


2010 Verizon Business Data Breach Report Released

Verizon Business released their 2010 Data Breach report hours ago, and with the combination of Secret Service data for the 2010 report, there are a ton of interesting things in here. Here are a few of the highlights that I took from the report: Financial & Hospitality Beware: These two categories represent 56% of the groups involved in breaches (add in retail and you are up to 71%). Those of us in the industry know the ridiculously poor state of security in the hospitality sector. Now with the economy on its way to recovery, these businesses will once again see an uptick and criminals will see an opportunity to capture valuable data. Medium-Sized Businesses are in the Crosshairs: The grouping ...


What Security Professionals can learn from BP Oil Spill

One of my favorite things to do is take a case study or real world situation and apply it to our industry or my job. The first time I did this in earnest, I wrote Data Flows Made Easy. I was inspired by an article published in the Harvard Business Review that described the disconnect between different groups of designers and engineers (Sosa, Manuel E., Steven D. Eppinger, and Craig M. Rowles. “Are Your Engineers Talking to One Another When They Should?” Harvard Business Review, Volume 85, Number 11 (November 2007): 133-142.). I was somewhere on a plane (SURPRISED!?!?) and as I read through the article, it struck me that this method could be directly applied to data security and ...


Securing your Social Networking Brand

This post originally appeared on Jennifer Leggio’s Social Business blog at ZDNet (now with more links!). Social networking sites as innocent as LinkedIn and as provocative as Twitter (have you seen my stream?) have now become a personal branding vehicle for many professionals. Some of us have had the unfortunate experience of losing a job we barely had thanks to social networking. Others have seen it as the boost to their career they have been wanting for years. Let’s talk about security in the context of the latter. When I moved my blog to a setup I administered, I made two commitments to myself. The first is that I would make frequent backups because there has yet to be a ...

