-
Recent Posts
Look at Categories
Archives
- March 2024
- November 2022
- October 2021
- August 2021
- June 2021
- August 2020
- December 2019
- November 2019
- October 2019
- December 2018
- September 2017
- October 2016
- March 2015
- February 2015
- January 2013
- September 2012
- August 2012
- March 2012
- October 2011
- June 2011
- May 2011
- February 2011
- December 2010
- November 2010
- September 2010
- August 2010
Search the Blog
InfoSec Governance
- Security Maturity vs Risk Based Security 24 March, 2024
- Mandatory versus Guidelines: A story of FUD 21 November, 2022
- A Little Tech – Reset Troubles with MFA 18 October, 2021
- The Fear Mongers 11 August, 2021
- Better Late than Never: My First Foray into Real Metrics 3 August, 2021
- Three Key Patterns for Information Security Programs 2 August, 2021
- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
Category Archives: PCI
Data Facts vs. My Bias…how I am losing (and why its good)
I have to admit as I listen to the sages on collecting data (Alex Hutton, Mike Dahn, Josh Corman…) I am getting more and more conscious of my own biases about security (guilty as charged!). Ever since Alex’s post a … Continue reading
Posted in Information Security, InfoSec, IT Risk Management, PCI
3 Comments
Model for Building PCI Control Objectives
Maybe it’s the excitement of getting re-Tweeted today, or maybe it’s just the outpouring of love and emotion I felt when I watched the video of the Mike+Josh hug, but I thought I’d provide a bit more thought around how … Continue reading
Posted in CISO, CSO, Information Security, IT Risk Management, PCI
Leave a comment
Moving Beyond Compliance – Commentary on PCI-Hug-It-Out
I finally got around to listening to the Tripwire sponsored, Martin McKeay and Gene Kim hosted PCI Hug It Out with Josh Corman and Mike Dahn. If you haven’t heard it, you should. Two very smart people (well four actually, … Continue reading
Posted in Information Security, InfoSec, PCI
1 Comment