[SecurityRatty] tag: pci-compliant

PCI DSS Blogs

Mon, 24 Nov 2008 12:20:00 +0000

I polled a few lists to create a longer lost of PCI DSS related blogs (looking especially for blogs by QSAs), so IN NO PARTICULAR ORDER:

If I missed anybody, sorry, please add below and I will update my list!

Just FYI.

Links for 2008-11-19 [del.icio.us]

Wed, 19 Nov 2008 21:00:00 +0000

QualysGuard PCI Pass/Fail Status Criteria - Qualys
Press Releases - November 11, 2008 - Q1 Labs
free, downloadable, log management and compliance product that provides organizations with visibility across their networks, data centers, and infrastructures
Healthy Paranoia: Top 50 Internet Security Blogs by The Daily Netizen
GOVCERT.NL Symposium 2008
Looking for Trouble - WSJ.com
ClearNet Security : It’s hard to build a smart SIEM
If you find yourself evaluating SIEM products, dig in and investigate how each works - you don’t want yesterday’s product.
PCI Perspectives by Dave Taylor
Lehman Bros 'killed by complexity' (physicsworld.com Blog) - physicsworld.com

International Challenges in PCI Security

Tue, 18 Nov 2008 21:00:00 +0000

In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective.

PCI Compliance: Visa Announces Global Deadlines

Mon, 17 Nov 2008 21:00:00 +0000

In response to the complex and global threats faced by the cardholder ecosystem, Visa Inc recently announced worldwide deadlines for PCI DSS Compliance. "Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."

PCI council sharpens oversight of security auditors

Sun, 16 Nov 2008 21:00:00 +0000

The PCI Security Standards Council introduces plan to sharpen oversight of qualified security assessors and approved scanning vendors.

Monthly Blog Round-Up October 2008

Mon, 10 Nov 2008 13:35:00 +0000

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is an attempt to remind people of useful content from the past month!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

OF COURSE, the news of my “transition” is the item #1, by far. “Change!!!” and “Qualys” posts rule the list.
Last month I posted a bunch of my presentations on logs, security, etc on the blog. “Presentation from GOVCERT.NL 2008: Log Forensics” takes one of the tops spots; and so do “Presentation on Application Logging, Done Wrong or Very Wrong” and “Presentation on Optimizing Your Logging for Insider Attack Tracking.” BTW, all the presentations are here.
Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll). BTW, see my other logging polls and my other “top 11” lists.
SIEM bashing reached a new high (eh…“low”? :-)), now that Richard is helping too; my “11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!" is on the top list. It is both humorous and sadly true (and backed up by other sources and here.)
Somewhat predictably, PCI compliance is obviously still all the rage: MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list.

See you in November.

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Links for 2008-11-06 [del.icio.us]

Thu, 06 Nov 2008 21:00:00 +0000

Links for 2008-11-04 [del.icio.us]

Tue, 04 Nov 2008 21:00:00 +0000

PCI Blog - Compliance Demystified » Blog Archive » E-Commerce Startups deal with PCI compliance

PCI's Post-Audit Pain Points

Tue, 04 Nov 2008 21:00:00 +0000

Those who thought their PCI security challenges would be over after the first passing compliance audit say they continue to be dogged by the same problems that caused pain in the beginning.

On Small Companies and PCI Compliance

Tue, 04 Nov 2008 08:42:00 +0000

Read this post ("E-Commerce Startups deal with PCI compliance" at "PCI Anwsers" Blog) and weeeeeeep: "I once was talking with a small business owner who was reading through the Self-Assessment Questionnaire (SAQ) and stopped at the first question, which basically said, Do you have a properly configured firewall? The business owner called into the back room and asked the store manager, “Hey, do we have a firewall?” The store manager replied that he thought they had a fire extinguisher which was up to date. I then watched as the store manger checked the “In Place” box on the form stating they had a properly configured firewall in place."

Wonna "sell PCI compliance" to small businesses? One need to get smart in a very special way! :-)