Tag Archives: risk management

PCI Council Releases Risk Assessment Guidelines

The PCI Security Standards Council announced today a new set of guidelines for risk assessments, as output from one of the major Special Interest Groups selected by the Participating Organizations in 2011. This topic is one I have written about before, and in fact it was one of the SIGs that I voted for. I’ve been through the output and I must say, I don’t see it as any different from any other risk guidance out there. It’s fairly comprehensive when it comes to listing common risk methodologies, it gives some sample frameworks and processes, and aims to give some clarity to the larger 12.1.2 subrequirement of PCI DSS. As with most risk-related topics, you will have people hailing its ...


What Security Professionals can learn from BP Oil Spill

One of my favorite things to do is take a case study or real-world situation and apply it to our industry or my job. The first time I did this in earnest, I wrote Data Flows Made Easy. I was inspired by an article published in the Harvard Business Review that described the disconnect between different groups of designers and engineers ((Sosa, Manuel E., Steven D. Eppinger, and Craig M. Rowles. “Are Your Engineers Talking to One Another When They Should?” Harvard Business Review, Volume 85, Number 11 (November 2007): 133-142.)). I was somewhere on a plane (SURPRISED!?!?) and as I read through the article, it struck me that this method could be directly applied to data security and ...

