PCI Requirement 6.6 in the news!

The deadline has passed, do you know where your children web application firewalls are? If you scratched your head and then saw a shiny object fly by to steal your attention, you are not alone. Information Security Magazine interviewed me for an article on this topic. Go check it out! Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

See you at the Gartner IT Security Summit!

Are you making the trek to DC next week for the Gartner IT Security Summit? VeriSign will be there, and I’ll be speaking on Monday, June 2, at 4:15PM in Potomac 6. It’s time to discuss the classic transmogrification, changing the tactical PCI approach to strategery. Phew! Anyway… Come see my presentation or stop by the VeriSign booth!

Brando, On Writing

Greetings everyone! Go check out my guest post on Karen Swim’s fantastic blog, Words for Hire. “Step 1: Extinguish the precipitous rubescent LED-based luminosity!”

Are we ever safe?

The Register is reporting that McAfee’s “Hacker Safe” sites are not so much. In the security industry, we typically refrain from saying things are 100% secure, simply because the only 100% secure computer is the one that does not exist.

Tee Hee – Eee Pee Cee

GloboTV (via Gizmodo) has a story (in Brazilian Portuguese) about some crooks that used the Eee PC to steal customers’ debit information at ATMs. Tee Hee.

Herding Cats, April 2008 is out!

If you are not a member of the ISSA, click here to go sign up! I am a monthly columnist in the ISSA Journal–the publication for the association. This month I tell you how you can learn something from the Department of Homeland Security and Ron “Tater Salad” White.

VeriSign wins “Best Security Company of the Year!”

Thanks SC Magazine! We’ve been recognized as the Best Security Company in 2008! Here’s the part of VeriSign that I represent! VeriSign’s Enterprise Security Group (ESG) provides a best of breed suite of solutions for global companies. Beginning with our iDefense Intelligence Service that provides detailed threat information in advance. Vendors are notorious for taking anywhere from 90-180 days to patch discovered vulnerabilities. iDefense can help you understand how to mitigate before patches are available. From there, our Managed Security Services (MSS) group provides some of the best managed security services to customers according to the Gartner Magic Quadrant. Why not let your security staff concentrate on adding real security value and outsource your security device management to us? Finally, ...

Electronic “Muddy” Footprints?

Sharon Gaudin at Computerworld writes about a new way to use RFID tags. In this article, a new physical security technique is discussed where a worker who walks into a restricted area would pick up hundreds of tiny RFID sensors on their shoes. As they track their feet across the doormat on the way out, sensors pick up that this employee has entered a restricted area, and then release the hounds. Cooler than LED Throwies? You be the judge.

All QSA’s Are NOT Created Equal!

In an unpublished (and scrapped to my knowledge) Top 10 Security Predictions for 2008, I predicted that we would see a breach in 2008 from an entity that had validated compliance (hey, come on…. It’s true, I promise). Does that mean that the standard is not tough enough? Or that companies validating compliance are having a hard time maintaining it? Or possibly that a QSA is not doing their job properly? The first has been discussed at length in the industry. While there are loud detractors to the standard, insiders agree that compliance does not equal security. Compliance is a baseline and security should be layered on top. The PCI standard as it stands is GOOD. Getting companies to comply ...

Rerouting the Boss’s Luggage?

StorefrontBackTalk’s Evan Schuman writes about a serious hole in an airport wireless network that could allow people to reroute luggage. Oops… More reasons to carry-on. As it relates to PCI, VeriSign has extensive experience in the travel industry and has dealt with some of the challenges that airlines have. Like a few other industries, it is very unique in its constraints around compliance and security. For instance, something you may not know is that the airports typically own all of the networking and computing equipment used by their tenants. So unlike most companies that have control over the chain of systems that deal with sensitive data, airlines may be forced to start off with a lack of control at the ...
