Channel: compliance – Anton Chuvakin
Browsing latest articles
Browse All 18 View Live

PCI Report 2011 and PCI Community Meeting 2011

Everybody who has any relation to PCI DSS and payment data security has probably already read the “2011 PCI Compliance Report” report. You have not?! Well, you have a fine choice then: enjoy my...


On LARGE Scale Vulnerability Management

Vulnerability management is very easy, really. Get a scanner, scan a system, peruse the report listing all the flaws, then go and fix them. Done! Risk is presumably reduced and/or compliance is...


Is Cloud Secure? WTFC!

“Is cloud secure?” Seriously, why are you asking this? Ask: is MY USE of cloud computing secure? Or, if you want to be a bit fancy, you can add “… secure enough for my purposes?” Do ask “is my...


How Are We Doing Compared To Peers?

I learned something new the other day (yes, I love my job a lot for that reason). A high percentage of people I take inquiries from (called “dialogs” in our team due to its Burton roots) ask me: how...


Finally, PCI DSS In The Cloud Guidance

As all of you already know, PCI Council has finally released an official “Information Supplement: PCI DSS Cloud Computing Guidelines” [PDF] aka “PCI DSS in the cloud.” Here are some of my favorite...


Briefly On PCI DSS 3.0

So I’ve been sleeping on my copy of PCI DSS 3.0 for a few weeks already and now that it is finally public, I am ready to comment on it here. As you can guess, I start my assessment from the position of...

Highlights From Verizon PCI Report 2014

Separate from the Data Breach Investigations Report (latest was in 2013), Verizon PCI report is another awesome resource for security practitioners. Grab your copy here [PDF]! Here are some of my...

If You Use Windows XP – You Are NOT PCI DSS Compliant!

It should be *painfully* obvious to anybody that in a few short weeks [or maybe now, depending on how you interpret it] any merchant using Windows XP systems or devices inside the cardholder data...


Security And/Or/Vs/Not Compliance?

When I got this Gartner blog, I made a promise to myself to avoid rants, as a matter of personal policy. I’ve done my share of rants on my previous blog (examples), and while they are fun to write...
