Review of the 2010 ____ ____ Meeting

PCI 2.0 is just around the corner, and what better way to discuss it than by reviewing the ____ ____ ____ that just wrapped in ____! Much of the information we received was classified as confidential or embargoed, so unless you are a stakeholder (like a ____ ____, ____, ____, or described by any other of the acronyms we have come to love) you are missing out. Of course, the first thing we all heard was the ban on social media. Ironically, there was a press table in the back, so I’m not sure what those guys are going to be able to do with the info if they cannot write about it. Anyway, here’s my take: Wednesday’s session kicked ...

MasterCard Service Provider Registration Explained

Edit (July 2, 2022): A very helpful reader let me know the PDF linked below was removed from the MasterCard site. I found the PDF and have re-linked to the latest version. It appears that MasterCard has removed the details on their registration program, which suggests it may no longer be active. MasterCard released (or re-released) a guide on how to become a registered and approved Member Service Provider (MSP) as a requirement to be listed as a compliant MasterCard Service Provider. The PDF linked above has a detailed process for completing this, including two major tasks spread out over several days. The first step is to apply for and receive your user ID under the MasterCard Registration Program. After ...

How Desktop as a Service (DaaS) can Benefit You

Among all the fancy “as a service” cloud acronyms, one that is particularly interesting to me is Desktop as a Service (DaaS). It seems like most information workers have a personal device and internet connection for their intertube browsing needs—many of those personal devices easily outperforming their corporate-issued brethren. So why do corporations insist on issuing laptops to road warriors when many of us end up carrying multiple devices (even if one of those is an iPad)? One big reason I see this being an issue is support. IT support centers cannot be expected to efficiently troubleshoot problems on machines where they are unfamiliar with the build (i.e., non-standard builds or non-gold builds). Anyone out there who ...

Do you know your IT?

This post is mostly going to apply to smaller companies, as I would HOPE (tongue in cheek a bit here) that larger merchants wouldn’t have this problem. Small- and medium-sized businesses (SMBs) have more advanced software tools available to them today than ever before. Cloud-based solutions allow multi-million-dollar software packages to be available to SMBs at affordable monthly subscription prices. This level of business analytics, automation, and intelligence can make a big difference in how a business competes. What once would take dedicated headcount can now be automated and scaled. But with great power comes great responsibility. SMBs that entrust their business or data to these third parties must invest time and effort to understand not only what ...

What’s the Value?

If you were to give someone the task of protecting a room that holds anywhere from $10,000 to $100,000 in cash, the yearly spend to protect that room (in basic risk management theory) should not exceed the Annualized Loss Expectancy (ALE). ALE is a simple representation that contains an extremely complex portion of applied mathematics called probability. ALE = Impact of the event in dollars * Probability of that event occurring on an annualized basis (meaning if the event probability is once every three years, you would use 1/3 here). Why is this complex? How hard is it to multiply a couple of numbers together? Imagine if someone tried to explain the complex dynamics of football to you by saying, ...

Herding Cats September, Trusting Trust

Have you checked out ISSA Connect yet? The next issue is up there with my column, Trusting Trust. What would we do without a little bit of trust? Our lives would certainly be much less convenient, and they would have the potential to be more secure. If you are a member, log into ISSA Connect and join the discussion! Interact with great professionals globally as well as the authors you enjoy reading every month. If you are not a member, sign up today!

August 2010 Roundup

What was popular in August? I personally closed out the month with a huge milestone: corrective surgery that should hopefully remove my requirement for glasses and contacts. I am in recovery, and can SORTA see this post, so I disclaim any responsibility for the content herein. Actually, I should probably do that for the whole blog. Here are the five most popular posts from last month: Why QSAs Should Not Be Your Security Partner. That’s right, folks. It’s time to separate your consultants from your assessors. Do you know what motivates QSAs? Here is an inside scoop on what goes on inside your QSA’s head, and why he doesn’t have your best interests in mind. Where’s the Breach? Is this the ...

PCI DSS versus Y2K

It’s been an interesting week in the PCI DSS world. I was a contributor to a webcast from First Data on scope reduction using tokenization. We had the webcasts from the Council about the changes in PCI DSS coming on October 28, and I seem to have gotten a flood of emails reminding me about the community meetings in Orlando and Barcelona. From a global perspective, PCI DSS is slowly making strides in several locales, to the point where I often adjust my daily schedule to help customers in the Pacific Rim, Middle East, Asia, and Europe. Australian- and New Zealand-based companies seem to be taking particular interest in PCI DSS, equivalent to the levels we saw in early ...

Check me out on the Network Security Podcast!

I met up with Martin McKeay out at BlackHat this year, and we found what we thought was a quiet corner to chat about security. Go check out the Network Security Podcast here!

Hey Friends, I’m Over Here!

I recently gave a presentation to a graduate advertising class about social media, with ideas on how it might be used as part of an overall marketing and advertising strategy (I’ll get this posted soon; I’ve just gotten my templates fixed, thank you Angry Porcupine, and will be able to move the material shortly). One of the things I covered was the concept of geo-tagging and how it relates to social media. There are tremendous privacy concerns related to geo-tagging, but also interesting market opportunities. We ignored the unintended geo-tagging that occurs when people use location services in their mobile phones, or use cameras that are location-aware, and focused on check-in applications. Some examples of these ...
