There's been a lot of hoopla surrounding the PCI DSS requirement 6.6 compliance next week. Even with all the noise, there is some good news for both covered entities and independent security professionals such as yours truly. In the PCI DSS requirement 6.6 Information Supplement document, the first sentence at the top of page 3 states "Manual reviews/assessments may be performed by a qualified internal resource or a qualified third ...
What? You mean that when an organization pays thousands and thousands of dollars to become a PCI assessor it doesn't guarantee the quality of their work is going to be top notch!!?? An assessor quality assurance program is in the works....? Is the marketing machine failing these vendors? I'm shocked. ;-) ...
Apparently Dave and Buster's (a favorite place of mine for food and fun) is one of the latest security breach "victims". This is a VERY good reason to NOT use debit cards (what consumer guru Clark Howard calls piece of trash fake Visas and fake Mastercards). I never use a debit card at a store or restaurant if it looks like the card scanner is connected directly to a computer. That's ...
Here are two information security podcasts published this past week:
Using the Malicious Mindset in Security Assessments
New service packs for Windows Vista and XP
As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy! ...
I was perusing the latest issue of Security Technology & Design (a trade mag that I write for) and was reminded of some findings of a recent security assessment... It's: where do the bad guys start when attempting to work their way inside a building? Something that's easy to overlook (and often is) is that of unsecured external access to a building. Think about both network type entry points and walk-in ...
A new thing I'm going to start doing on my blog is linking to any articles I've recently written for TechTarget and other trade publications. Sort of an added bonus to what I write here in my blog. For all of my past content be sure to check out www.principlelogic.com/resources.html. Here are this week's entries:
Eight reasons to do source code analysis on your web application
Database security testing terms: ...