Category Archives: PCI

Data Facts vs. My Bias…how I am losing (and why its good)

I have to admit as I listen to the sages on collecting data (Alex Hutton, Mike Dahn, Josh Corman…) I am getting more and more conscious of my own biases about security (guilty as charged!). Ever since Alex’s post a …


Model for Building PCI Control Objectives

Maybe it’s the excitement of getting re-Tweeted today, or maybe it’s just the outpouring of love and emotion I felt when I watched the video of the Mike+Josh hug, but I thought I’d provide a bit more thought around how …


Moving Beyond Compliance – Commentary on PCI-Hug-It-Out

I finally got around to listening to the Tripwire-sponsored PCI Hug It Out, hosted by Martin McKeay and Gene Kim, with Josh Corman and Mike Dahn. If you haven’t heard it, you should. Two very smart people (well four actually, …
