Tag Archives: PCI Book

VLANs and Segmentation

I was following an email trail from a few colleagues and it dawned on me that I had not written about the use of VLANs with respect to PCI in this blog.  If you purchased Anton's and my book, you can get a great, real-life example of VLANs in the second case study in Chapter 4, Building and Maintaining a Secure Network, entitled “The Case of the Large, Flat Corporate Network.” The question that was asked is, “Can a VLAN be used as a way to segment a network?” Of course, the answer (as always) is “It depends on how you are using it.”  If you are using simple 802.1q tagging with no other controls, that is not considered good ...

To Europe: Have You Found Your QSA?

I’m writing this from the lovely (and quite steamy today) Terminal 3 of London’s Heathrow Airport after spending a week talking to clients, partners, and industry professionals about information security issues in Europe.  It’s clear that PCI DSS is one of the biggest issues facing security professionals in Europe, and will likely dominate many of their lives for the next 12-24 months. My question to you is, “Have you found YOUR QSA?” PCI DSS is something we’ve lived with for many years now in the US, and if there is any piece of advice that I’d like to impart to my friends across the pond, it’s that your most important investment will be a good quality QSA to guide you ...

Sample Book Chapter posted!

Anyone know I didn’t write a book with Anton Chuvakin last year?  If not, I’ll tell you ALL about it. OK, seriously, I know I’ve talked a lot about it here.  If you have not bought it and are still skeptical, go check out the sample chapter we have posted on CSO Online.  This chapter, entitled “The Art of the Compensating Control,” is an expansion of the article of the same name.  There are some case studies at the end, and more details on compensating controls.  If you are like most people dealing with PCI, you probably have lived the compensating control euphoria turned nightmare turned compromise. If you still have not bought one and want a chance to win ...

So who wins the contest?

It’s been a month since our new book was released, and it’s time to make good on the little contest I had going here!  Four people responded with the correct answer, and they were numbered based on the order they entered.

1. Lindsey
2. Brothers
3. Bergert
4. Laroussi

And with no further delay, congrats to Mr. Brothers!  He was randomly selected by random.org’s random number generator!  He wins a $30 Gift Certificate to Amazon.com! Congrats, and thanks for reading!

The Book, It’s OUT baby!

That’s right!  If you pre-ordered our (Anton Chuvakin's and my) book, you should be receiving it today!  It’s chock-full of all kinds of fun stuff.  For example, did you know that I worked in the word “brewdog?” In fact, let’s make a contest out of this.  The first five people to email me the page number in the book where that word appears will be entered to win a $30 Amazon.com gift card! Anton has a video in his blog where he talks about the book, and I have something special coming up soon.  I’ve got it half done, but have not recorded the actual video of me talking yet.  Look for that early next week or late on ...

“PCI Compliance” Book 30% Discount code

It’s coming!  Don’t miss getting your copy on December 15th! During the entire “launch month”—December 2009—you can get our book at a 30% discount using the code: “SYNGRESS30”. Here is some more info:

- Book website (check out a couple of free PCI DSS sample policies there!)
- Official page of “PCI Compliance” at Amazon
- Book page at Syngress website (has full book Table of Contents); for the above discount code, you have to buy it from here.
- My co-author, Anton Chuvakin, and his blog.

Anton & I worked VERY hard on this book, and under a very tight deadline.  Of course, the final week of writing occurred during BlackHat, and I distinctly remember late night writing sessions at home while Anton ...

PCI Compliance Book!

We’re getting REALLY close.  All of the content is in, and the publisher is working toward production!  Anton & I have worked hard to bring you the most technically accurate and useful reference book to carry with you during all of your PCI DSS efforts.  You will notice that the book reads much better than the first edition, and we’ve included some GREAT case studies for you! Well, I think they are great anyway; I wrote almost all of them.  That was my favorite part of this process—writing the case studies.  In fact, I had to put off all case study writing to the end of each chapter and use it as my motivator to get through all of the ...
