Tags Archives: gimmick

PCI Doesn’t Take Vacations

I was lucky enough to spend some quality time away from the tubes last week, and while I am not part of a rogue PCI enforcement militia, I do tend to observe how organizations tackle security and compliance issues.  For the first time, I found a rather unique disclaimer that was mere feet away from the Point of Interaction.  It shocked me so much, I snapped a picture to make sure I got the wording correct.  It plainly stated: WARNING: The method used to authenticate credit card transactions for approval is not secure and personal information is subject to being intercepted (the original sticker said ‘intercetped’) by unauthorized personnel. I promptly copied the phone number down and passed it to ...


Do Small Service Providers Scare You?

Take PCI off the table for a minute. Do you get nervous when dealing with a small service provider that performs some niche service for your company?  It doesn’t have to be cardholder data related, but it definitely needs to be some kind of data that is either regulated or is classified as something other than public—data like PII, healthcare, or even intellectual property. Smaller providers can sometimes provide higher or better security than larger ones, and that may be beneficial long term—especially when doing the value proposition. But in some cases, smaller providers are providing a niche service to a larger customer, and are operating on a skeleton crew.  Imagine if a company like Ford Motor Company selected Brando’s ...


Views on Application Security

I had an interesting conversation with a client the other day, and while shocking at first, it made a ton of sense long term when looking at how to apply security controls to assets based on risk.  I’ve blogged and written about things like this in the past, but the concept was interwoven as a theme to a different concept, or altogether buried under links to YouTube. The conversation was with a customer that wanted to put out a small informational site in support of a minor product feature, but also wanted to have the ability to dynamically update content through a web browser from anywhere in the world as he and some of his less technical staff thought ...

