The Power of Service

There is a book called The Ultimate Question by Fred Reichheld that discusses how all customer satisfaction can be boiled down to one question: How likely is it that you would recommend this company to a friend or colleague? Using the data received from a survey of your customers, a metric called the Net Promoter Score (NPS) is created, measuring your customer satisfaction. This book was a hit last year, and I even saw the NPS formula used in a kickoff presentation last week. I spent the day yesterday on the road, and had an interesting conversation when I returned my rental car. Interesting only because I have never been asked the following question before, the topic was fresh on ...

So who wins the contest?

It’s been a month since our new book was released, and it’s time to make good on the little contest I had going here! Four people responded with the correct answer, and they were numbered based on the order they entered.

1. Lindsey
2. Brothers
3. Bergert
4. Laroussi

And with no further delay, congrats to Mr. Brothers! He was randomly selected by random.org’s random number generator! He wins a $30 Gift Certificate to Amazon.com! Congrats, and thanks for reading!

Forrester Unleashes PCI

John Kindervag, a prominent analyst at Forrester, released a report this week entitled PCI Unleashed, where he talks history, dispels myths, and gives practical tips for companies trying to get a handle on PCI DSS. John doesn’t waste any time getting started, and throws out a couple of points to shock the reader. In fact, I’m kind of shocked they are in there, but it’s refreshing to see an organization of Forrester’s stature putting them into writing. While many agree that PCI DSS should be blamed on the payment brands, John asserts that it should not. While I agree that the result (the standard itself) should not necessarily be blamed on the payment brands, its evolution is a direct result of ...

The Yes/No PCI Assessment

Chris Mark over at the PCI Answers blog wrote a fantastic post on The Rise of the Defensive PCI Assessment toward the end of last year. I read it right after he posted it, and knew that I wanted to add to his thoughts. It’s taken me about this long to get my thoughts together. I’ve been busy! I totally agree with his assessment, and I have run into some situations where this has come up with other QSAs. Some QSAs have altered their interpretations (or made them more literal, I should say) because they realized that they were interpreting the standard incorrectly, or they priced the assessments so low to get the business that they can’t afford to understand ...

Do Mainframes Get A Pass?

When I first started doing PCI DSS work under the then CISP and SDP standards, one of the biggest problems I ran into was what to do with one of those fancy mainframes. In this job, you see ALL manner of mainframes. I’ve seen everything from super shiny, brand new z/OS multiplexes to aging, but functional Tandems to an OS/390 system that literally had no changes performed on it in more than two years. How does anti-virus apply to those again? I recently fielded a question about mainframes, and whether they still “get a pass” when it comes to certain requirements like anti-virus (Req 5) and encryption (Req 3.4). As with most PCI DSS interpretation questions, it certainly depends on ...

December 2009 Roundup

What was popular in December? There sure was a lot to talk about. Here are the five most popular posts from last month:

1. MasterCard’s Got Its Flippy-Floppies. OK guys, I’m not picking on them. Seriously. It’s just been a newsworthy year from MasterCard. This was a hot topic for companies faced with PCI DSS, including the multitude of new QSAs that started based on their original announcement.
2. The Book, It’s Out Baby! See! I wasn’t kidding when I said I was working on a book with Anton Chuvakin. It’s finally out, and we’re really proud of it! Click the link above to figure out how you could win a $30 Amazon.com gift card!
3. Hackers Love Social Media. Social media ...

Kicking Off 2010!

Greetings everyone! 2010 is going to be a pretty interesting year if we can keep this economic momentum going. Here are a few things to start your year off!

- Check out my new article “Will End to End Encryption Save Us All?” where I attempt to define various forms of End to End Encryption (E2EE) and figure out how they could be used to secure PCI DSS related data.
- EMC/RSA buys Archer. This one is a game changer, folks.
- The January issue of Herding Cats is also available! “Corned-Beef PCI DSS” expands and refines a blog post I did here about using hashing as a data protection method, specifically as it relates to PCI DSS (PCI DSS is the focus ...

The Best of 2009

2009 was an interesting year for all of us in information security. We lived through one of the largest breaches in our short history on this spinning blue ball, eclipsed only by the inauguration of a unique president-elect. Anton Chuvakin & I published a book. I moved my blog here amidst a divestiture of my business at VeriSign. Apple released a new version of their operating system and a new iPhone. MasterCard went all crazy on us. I wanted to take the opportunity to thank all of you for an amazing 2009, and I’m looking forward to fantastic things in 2010! Here are the five most popular posts in 2009:

1. Upgrading to Snow Leopard. Ironically enough, the most popular post ...

Wireless On a Plane?

Go-go-gadget WI-FI ON A PLANE! I imagine that the next two weeks will see a significant amount of Wi-Fi trials or sales as parents and children alike take to the skies to visit loved ones over the holidays. While I am sure it has happened already, you don’t find too many documented cases of wireless attacks happening on airplanes. There are a couple of ways that attacks can happen. The first attack does not even require an internet connection, just a lazy passenger who does not follow their airline’s electronic device policy. I’ve seen tons of weary road warriors working on their laptops without removing their 3G data card or with that little Wi-Fi light blinking furiously. While going after ...

MasterCard’s Got Its Flippy-Floppies

The PCI DSS world was shocked yet again this week when MasterCard backed off its position from earlier this year requiring Level 2 merchants to obtain validation from a QSA, and is publicly aligning its levels directly with Visa—including setting reciprocity with their levels. The reason I put “publicly” in there is because the merchant operating regulations are NOT public for MasterCard like they are with Visa, but I understand that level reciprocity remains in those regulations even though it was removed from the public facing information. This is why merchants and service providers alike don’t take deadlines seriously. Visa has (in the US anyway) at least tried (and mostly succeeded) to stick by their deadlines, though I’m not sure ...
