Branden R. Williams, Business Security Specialist

PCI Council announces DSS Lifecycle standard

I have to admit, I needed some coffee and cobweb remover to decode this message from the Council this morning. They posted their Lifecycle Statement on the standard yesterday. After reading it a few times (and having a cuppa), I believe what they are trying to say is that there will be a new version of the PCI-DSS every 24 months. If you see a major number incremented (say 2.0 from 1.X), it is considered a new version. If a minor number is incremented (say 1.1 to 1.2) it is a revision. Regardless, you still have to do it and you will have some amount of time to implement. The next revision is due out on October 1, 2008 and ...

Confused about DLP? standard

Don’t worry, you are not alone. A partnership of several companies released DLP In Depth today, a website that is set off to unravel the mystery of Digital Loss Prevention (DLP). DLP technologies have been around for some time, but last year we saw a fury of activity in that market as RSA picked up Tablus, and Symantec picked up Vontu. At VeriSign, we regularly recommend using DLP products as part of your security strategy. Knowing where your data lives is the first step to being able to secure it. So if you are looking for more info on DLP, go check out www.dlpindepth.org! Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps ...

Thanks to the EUCI! standard

Thanks to everyone at EUCI and their great hospitality in Vail. I’m looking forward to working with some of you soon! Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization?

Are you in Vail for the EUCI Conference? standard

If so, drop me a line! I’m leaving the home base here in a few hours to head there for the conference. I will be discussing personally identifiable information and why it is important to secure. After I speak, I’ll be high-tailing it to Denver International to catch a return flight home. Hope to see you there! Possibly Related Posts: Top Posts from 2015 October 2015 Roundup September 2015 Roundup August 2015 Roundup June-July 2015 Roundup

Looking for a career as a QSA? standard

Well look no further! Come join VeriSign’s Premier Global PCI Consulting practice!! If you are a current QSA in good standing, take a look at the job listings below. If you are a security professional that wants to get into PCI related work, we can train you! Click here and enter keywords “qualified security assessor” to learn more! Possibly Related Posts: Top Posts from 2015 October 2015 Roundup September 2015 Roundup August 2015 Roundup June-July 2015 Roundup

Herding Cats, July 2008 is out! standard

Before you click on the link to read the article, I should warn you. Things got a little silly with this one. I even had to edit a cleverly-placed word as my editor threw up a little when he hit publish on this one. SILLY. Anyway… I hope you enjoy the July edition of Herding Cats entitled, The Forward Looking Future! Oh, and it looks like Twitter lost me. I’m there, but you can’t see my updates. *shrug* Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

Mind the Storefront! standard

Dave Taylor has another guest post on StoreFrontBackTalk, this one alluding to a lack of audit resources to mind the storefront (like Minding the Gap!). Store front security continues to be an issue for retailers even outside of PCI. Take physical security for example. Realize that a major retailer’s data center tends to be a hardened facility that is not easily accessed (with the exception of a few notable ones that are for another post). There are security guards, badged access, and sometimes even man traps. Now visit that same retailer’s store front. You might find accessible Ethernet jacks, or worse, a system room door that is unlocked or left wide open. Walk into there with an official ID and ...

Enjoy the Holiday! standard

It’s time to celebrate American Independence! I’ll be taking a holiday for a few days, but will return next week. I will have a post hit on Monday though, so keep your eyes peeled (ouch?)! Possibly Related Posts: Top Posts from 2015 October 2015 Roundup September 2015 Roundup August 2015 Roundup June-July 2015 Roundup

PCI Requirement 6.6 in the news! standard

The deadline has passed, do you know where your children web application firewalls are? If you scratched your head and then saw a shiny object fly by to steal your attention, you are not alone. Information Security Magazine interviewed me for an article on this topic. Go check it out! Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

Not all QSAs are created equal! standard

The PCI landscape is pretty scary out there. If you are a merchant or service provider that is looking for assistance, there is a long line of companies that are ready to help. What should you expect from your QSA? What should your assessment look like to get the best results? VeriSign reviewed our findings from our customers and wrote a white paper entitled, “Not All QSAs Are Created Equal: What You Should Know Before You Buy” that talk about what you should expect. This paper is a FREE download! Go check it out! Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs ...