Today’s blog post is a quick catch-up post on several fronts.
I LIKE PROFESSIONAL ASSOCIATIONS
First, Chris Hayes, David Mortman and I had the honor of being bought dinner by Mike Dahn. Mike’s right, he and I are working towards the same goal, he’s just brilliantly practical about PCI and helping people. To that extent, if you’re not aware already, I wanted to mention that Mike’s working with the Society of Payment Security Professionals. And I think that’s awesome.
I’ve been known to be really enthusiastic with my support for professional associations. Those that focus on specific verticals add a lot of networking value, like Kelly Dowell’s CUISPA. As you think about the four landscapes we risk managers need visibility into (Loss Magnitude, Threat, Controls, & Assets) - professional associations can really add value in that there are informative similarities that can be shared when professionals are able to really establish trust relationships. Let me encourage those of you with PCI concerns to look into The Society of Payment Security Professionals as a means to share information and maybe even gain some representation. Also, Mike’s a great, very smart guy.
I’M SKEPTICAL ABOUT INCIDENT LOSS VALUES SOMETIMES
The Ponemon study is out. Check out Adam’s prelim. analysis at EmergentChaos if you haven’t already.
DOCUMENTS FOR THE JERICHO-IZATION OF YOUR NETWORK
Via Crowmore.se: Onewalldown.com and Cap Gemini have started publishing free PDFs on what Jericho networks look like. Note to Cap Gem: If you want me to read stuff that is marketing, putting dark text on a colored, semi-opaque background is ok. If you want me to read a white paper, please make it easier to read.
My aesthetic whining aside, these are good, important documents. If you haven’t thought about Trust Brokering, and you’re a security architect - you need to start.
PETE LINDSTROM HAS BEEN ON A ROLL
He and I don’t see eye-to-eye on everything, but he’s been posting well, if you haven’t been reading his posts, and his last post on Thinking Strategically About Security Metrics is a starter and worth your read.
I like my four landscapes as a source of strategic thinking rather than his four strategic metrics sources - but they’re not at all dissimilar enough to keep us from thinking about how they might relate to each other.



