Sorry it’s been a while since you’ve be ingratiated with a 2-sec blog entry. You might have noticed recent UK press legislation that was put in place following the phone hacking scandal, that appeared to be ubiquitous and spanning all kinds of publishing media. I did at some point work out if I could actually […]
Where did all the blogs go? Read More »
As you may have heard on the grapevine 2-sec’s SIG proposal for Third Party Security Assurance was accepted and we are currently working with the PCI SSC to flesh out plans for improving service provider engagement guidance and influencing the outcome of PCI DSS v3.0, to help better serve and secure the payments community. Control
PCI SSC Third Party Security Assurance SIG Read More »
PCI DSS 12.5 “Assign to an individual or team the following information  security management responsibilities” is not just about putting somebody’s name down to pass an audit and us QSAs are clamping down hard on those whom pay governance lip service, then forget about it for a year until the next audit is due. Even in smaller
PCI DSS governance Read More »
Well, maybe manipulation is a bit of a strong word, but the reason for this title is due to the increasing number of requests we get as QSAs to help out smaller, level 4 merchants, whom have been instructed by the likes of Worldpay, RBS Worldpay (aka Streamline), Barclaycard Business, HSBC or PayPal, to go
The Cunning Art of ASV Manipulation! Read More »
I am presenting a proposal to setup a SIG for Third Party Assurance at both Orlando and Dublin PCI SSC Community Meetings. Â The aim of the SIG is to provide additional guidance around control 12.8, which to date we think is somewhat open to interpretation. The control as it stands: 12.8 If cardholder data is
PCI SSC Special Interest Group (SIG) – Third Party Assurance Read More »
Look out for us at PCI Europe’s London event on July 5th, in association with Visa and Barclaycard –Â http://www.pci-portal.com/pci-europe/. Â A limited number of tickets are still available and register quickly if you would like to come along. Â The invite only, world renowned 2-sec after party returns in the evening, which offers an informal setting
2-sec exhibiting at PCI London, July 5th 2012 Read More »
Much of my work circles around PCI DSS, and it was interesting to see an announcement from the SSC this week for yet another programme. This time, a select few that are priviliged to be in the right place at the right time, can register as QIRs – Qualified Integrator and Resellers for PA-DSS validated
QSA, PA-QSA, ISA, ASV, PPTP, PTS, PFI and QIR – acronyms going too far? Read More »
I’ve been to a few talks lately and it seems to be a growing theme. People think that being compliant doesn’t make you secure, and that to be “secure” you need to exceed what you are doing at a compliance level. I have to say I disagree, and I wish people wouldn’t keep quoting such
Being compliant doesn’t make you secure… Read More »
I ran a couple of sessions at RSA Europe 2011 to talk about PCI DSS and Risk Based Compliance. What struck me was the make up of the audience. One or two years ago, I could have put good money on the make up of the audience being 90% merchants, but now, an equal balance
Risky Business and Quick Win Compliance Read More »
