Don’t forget to Vote!

The Bloggers at RSA are doing awards this year! The Social Security Awards need your nominations. Your nominations are due by March 31, so go vote now! As a reminder, what you need to do to vote is as follows. Go to the link above, then click Next. Under the Most Entertaining Security Blog, put my name, the url (http://blogs.verisign.com/securityconvergence/) and that you think I’m WACKY!

NEWS FLASH: Visa Lists Dates

Last night, Visa, Inc. collected a list of dates for upcoming compliance and published them on their website as “Key Dates.” If you ever wondered what dates you needed to hit for Visa, Inc., they are all listed right there! Some of the dates are news to this blogger, so it’s nice to see something official and published, not just things we hear through the grapevine or by talking to various pundits in the industry. The next deadline they list is on March 31, U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline (applies to newly identified Level 1 and Level 2 merchants late 2007 and early 2008).

What SHOULD Keep You Up At Night

Times are tough. Unless you are just now coming out of your winter hibernation, you are probably so beaten by that phrase that you are not far off from striking the next person that vomits it upon your day. Listen up executives, this one is for you. Breaches cost money. OK fine, I know that is not paradigm-shattering knowledge I just dropped like it was hot. Still, executives miss the mark when trying to securely manage or grow their business. We know this because of the nearly daily additions to the breach list that PrivacyRights.org manages. Executives have been failing at managing long-term expectations for years. Any of us that work for a public company know that an ...

Companies need PCI++ (not just PCI) to be safe!

Going through some email over here, I looked through the recent edition of The Aegis from the Society of Payment Security Professionals and found a great little snippet from Chris Mark entitled “Wear Your Seatbelt…and Maybe a Helmet.” In it, he pulls a quote from the PCI SSC that seems directed at detractors of the PCI DSS. They state: “The PCI SSC believes that the best way to protect cardholder data that is stored, transmitted, and processed is by implementing the PCI DSS and remaining in full compliance.” Chris points out that this seems to imply that PCI DSS is the high water mark, not the baseline from which you should build a program. It may just be that a ...

NEWS FLASH: RBS WorldPay and Heartland Dropped from CISP Compliant List

You’ve probably seen the story by now… it’s out there. Here is one link, and you can likely find MANY others. Here’s my question. If they are taking them off the list versus leaving them under review, are they saying that they never should have been certified in the first place? And if they are saying that, doesn’t this mean they are declaring shenanigans on the review by the QSA of record? Do I sense a trickle down effect here?

Sanity DOES Exist!

I know, it seems rare when we find it. I would have been hauled off a long time ago and locked in the loony bin if I had stopped every insane security discussion I was having by screaming SERENITY NOW! I spoke with a retailer this morning that started a conversation with “We do security in an unconventional way.” At this point, my finger is moving toward the giant eject button I carry with me for situations just like this. Think about the “Easy Button,” but instead of easy, it says EJECT and flies me far, far away. Then the individual surprises me and says, “We treat our network as compromised instead of trusted, and adjust our security practices and ...

Time to get caught up!

I’ve been lazy lately. Well, not lazy, just busy. I forgot to put up links to the Feb edition of Herding Cats! This one is entitled, Cloud Computing is Heavy, where I throw a little spin on the security of Cloud Computing. Fun stuff. Also, look for an upcoming surprise in the next issue of the ISSA Journal!
