Database Encryption for PCI Compliance (Part 1)
For the last several years, the payment card industry has had a tremendous impact on the field of information security. The PCI - Data Security Standard (PCI-DSS), in particular, has forced companies...
Database Encryption for PCI Compliance (Part 2)
So let’s talk about a better way to do database encryption - one that includes the use of an asymmetric encryption method. Normally you’d want to avoid this route simply because the processing overhead...
Database Encryption for PCI Compliance (Part 3)
Okay, so far all I’ve explained are the public and private keys that are used. Now I’m going to add in a third key – a session key that is used for each transaction involving encryption. When I...
Compliance: Why PCI Is NOT Security (Part 1)
Why PCI Is NOT Security (Part 1). The Problem with PCI. I’ve seen it or heard about it several times now – walking in the door of a company that’s so busy focusing all of its time and attention on PCI...
Compliance: Why PCI Is NOT Security (Part 2)
Why PCI Is Not Security (Part 2). 'Letter' vs. 'Spirit' or 'Intent'. With compliance-based frameworks like PCI, where very specific requirements are established, another issue is introduced. The...
Compliance: Why PCI Is NOT Security (Part 3)
Why PCI Is NOT Security (Part 3). The Perfect Storm. Next we dig into the deepest darkest recesses of taking a totally compliance-based approach to information security (rather than a holistic one) -...
Compliance: Why PCI Is NOT Security (Part 4)
Why PCI Is NOT Security (Part 4). The Final Analysis. Again, I’m not saying that PCI is a bad thing – it’s a tool, and it adds value. It’s the approach that organizations take that determines if it’s a...
Compliance: Doing a SWOT Analysis on PCI Requirements
Doing a SWOT Analysis on Your PCI Requirements. I am a big fan of ‘tried and true’ business tools that are simple, yet effective. One particular tool that comes to mind is a good old SWOT analysis. SWOT...
Compliance: O Wherefore Art Thou PCI on Mobile POS
Compliance: O Wherefore Art Thou PCI on Mobile POS. Shall I speak at this? You're damn skippy I will! So what's up with the PCI Council and its failure to grasp reality? Yes, I've always had my issues...
Compliance: Where Governance and Compliance Intersect
Where Governance and Compliance Intersect. Over the past few years there's been a trend in the security industry that has actually redefined our notion of compliance and what it means to be 'compliant'....
Compliance: Measuring Risk Under PCI 3.0 (Part I)
Measuring Risk Under PCI 3.0 (Part I). Release time for PCI DSS 3.0 is just around the corner; and, by all accounts, it really looks like the PCI Security Standards Council (SSC) has come to realize...
Compliance: Measuring Risk Under PCI 3.0 (Part II)
Measuring Risk Under PCI 3.0 (Part II). If you missed Part I of this series, you can read it here. I talked a LOT about 'problems' in the first part of this series. Now I want to talk about solutions -...
Compliance: Measuring Risk Under PCI 3.0 (Part IIIa)
Compliance: Measuring Risk Under PCI 3.0 (Part IIIa). After working on this series of articles for a while now, I've decided that my original part III is simply too lengthy for a single post. It...
Compliance: Measuring Risk Under PCI 3.0 (Part IIIb)
Compliance: Measuring Risk Under PCI 3.0 (Part IIIb). After working on this series of articles for a while now, I've decided that my original part III is simply too lengthy for a single post. It...
Compliance: Measuring Risk Under PCI 3.0 (Part IIIc)
Compliance: Measuring Risk Under PCI 3.0 (Part IIIc). After working on this series of articles for a while now, I've decided that my original part III is simply too lengthy for a single post. It...