  • 27 Jun 2008

    What does “qualified third party” mean in PCI 6.6?

    There's been a lot of hoopla surrounding the PCI DSS requirement 6.6 compliance next week. Even with all the noise, there is some good news for both covered entities and independent security professionals such as yours truly. In the PCI DSS requirement 6.6 Information Supplement document, the first sentence at the top of page 3 states "Manual reviews/assessments may be performed by a qualified internal resource or a qualified third ...

  • 13 Jun 2008

    New PCI assessor quality assurance program!?

    What? You mean that when an organization pays thousands and thousands of dollars to become a PCI assessor it doesn't guarantee the quality of their work is going to be top notch!!?? An assessor quality assurance program is in the works....? Is the marketing machine failing these vendors? I'm shocked. ;-)...

  • 14 May 2008

    Interesting breach making the headlines

    Apparently Dave and Buster's (a favorite place of mine for food and fun) is one of the latest security breach "victims". This is a VERY good reason to NOT use debit cards (what consumer guru Clark Howard calls piece of trash fake Visas and fake Mastercards). I never use a debit card at a store or restaurant if it looks like the card scanner is connected directly to a computer. That's ...

  • 05 May 2008

    My security content from this (past) week

    Here are two information security podcasts published this past week: "Using the Malicious Mindset in Security Assessments" and "New service packs for Windows Vista and XP". As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 21 Jan 2008

    Crooks will always find a way

    I was perusing the latest issue of Security Technology & Design (a trade mag that I write for) and was reminded of some findings of a recent security assessment... It's: where do the bad guys start when attempting to work their way inside a building? Something that's easy to overlook (and often is) is that of unsecured external access to a building. Think about both network type entry points and walk-in ...

  • 26 Oct 2007

    My articles from this week

    A new thing I'm going to start doing on my blog is linking to any articles I've recently written for TechTarget and other trade publications. Sort of an added bonus to what I write here in my blog. For all of my past content be sure to check out www.principlelogic.com/resources.html. Here are this week's entries: "Eight reasons to do source code analysis on your web application"; "Database security testing terms: ...
