Here's a new book fresh off the press written by my friend and colleague Tim Virtue. Very good insight into the world of PCI DSS compliance. I reviewed it for the publisher before it went to print and got my name imprinted forever on the back cover!...

Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren't enough... Wireless must now be "implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission". Yeah right!! So people using WEP not only have to upgrade their hardware but ...

I'm writing an article series that includes some information about PCI DSS. In my research, I noticed something interesting - almost comical - about Requirement 12.7: "Screen potential employees to minimize the risk of attacks from internal sources. For those employees such as store cashiers who only have access to one card number at a time when facilitating a transaction, this requirement is a recommendation only." So, "access to one card number ...

There's been a lot of hoopla surrounding the PCI DSS requirement 6.6 compliance deadline next week. Even with all the noise, there is some good news for both covered entities and independent security professionals such as yours truly. In the PCI DSS requirement 6.6 Information Supplement document, the first sentence at the top of page 3 states "Manual reviews/assessments may be performed by a qualified internal resource or a qualified third ...

I was out the latter part of last week so I missed my 'deadline'. Here's an article hot off the press that you may be interested in: The realities of using WAFs for PCI DSS 6.6 compliance. Enjoy! As always, check out www.principlelogic.com/resources.html for all of my past articles, webcasts, podcasts, and more.

What? You mean that when an organization pays thousands and thousands of dollars to become a PCI assessor it doesn't guarantee the quality of their work is going to be top notch!!?? An assessor quality assurance program is in the works....? Is the marketing machine failing these vendors? I'm shocked. ;-)

Here's an information security article of mine that was published this week: The realities of PCI DSS 6.6 application code reviews. I'll have a follow-up to this one on the realities of Web application firewalls coming soon. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!

I was thinking about all the hype surrounding PCI DSS requirement 6.6 compliance. The deadline is just three weeks away. I do a lot of compliance-related work and have seen the interpretation of 'compliance' all over the map. Why is PCI DSS any different? Well, for the most part, it's not like other regulations such as HIPAA and GLBA where many in management give it lip service but don't really do ...

I received an email yesterday from Redmond Magazine (a good trade rag) that caught my attention. The title of the email said "Trust in Web Site Security is Declining. What Should You Do?" I thought, really!? Are you serious? And well, I don't know what to do, let me see just what the solution is. [tongue in cheek] Lo and behold, it was an email sponsored by Verisign about their whitepaper entitled ...