This event was chaired by our CEO, Tim Holman, whom also addressed the audience of senior oil and gas executives from all over the world as to the risks that Advanced Persistent Threats could pose to their industry. As much is governed by industrial controls systems, the role of Stuxnet was discussed in depth, as […]
Oil & Gas Cyber Security, London, Nov 2011 Read More »
I ran a couple of sessions at RSA Europe 2011 to talk about PCI DSS and Risk Based Compliance. What struck me was the make up of the audience. One or two years ago, I could have put good money on the make up of the audience being 90% merchants, but now, an equal balance
Risky Business and Quick Win Compliance Read More »
I’ll be talking about PCI DSS and Risk Based Approaches at RSA Europe this week, Thursday 13th October at 13:00 – 13:50. If you are planning to attend, would be great to see you. If you can’t make it, you can download my presentation here: GRC-304 – Taking a Risk Based Approach to PCI DSS
Taking a Risk Based Approach to PCI DSS Whilst Still Checking the Boxes Read More »
You might have noticed things have gone a little quiet round here, as my last blog post seemed to get me into a spot of trouble… Anyway. It’s certainly not my style to tread on the feet of a major UK acquirer and in the end I was asked to remove the names of the
Risk, Risk Management and PCI DSS, part 2 Read More »
We all know what risk is. It’s like stepping outside of the house in the morning, looking up at the sky, working out whether or not you think it’s going to rain and then working out whether or not it’s going to rain enough to warrant taking an umbrella, full waterproofs or avoiding the rain
Risk, Risk Assessments and PCI DSS Read More »
If you’re hitting section 5.1.1 of PCI DSS and want to verify that all anti-virus programs detect, remove, and protect against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits), then what do you do? How do you test anti-virus software actually works? I’ve been using the EICAR test
EICAR – the anti-virus testfile Read More »
What a great little tool to help verify SSL configurations. If you’re working through PCI DSS and hit section 4.1a, then www.ssllabs.com does a grand job at ensuring your SSL configuration is inline with security best practice. Still not too convinced that I need to ‘sample’ some HTTPS network traffic to make sure it’s actually
Version 2.0 of the Prioritized Approach has been released and is available for download at www.pcisecuritystandards.org. So what’s moved? A number of controls have been moved from milestones 5/6 to milestones 2/4: 9.1 – Physical Access 10.5 – Audit Trail Integrity 11.1 – Wireless Scans 12.5.3 / 12.9 – Incident Response Plan 11.3 – Penetration
PCI DSS Prioritized Approach v2.0 Read More »
Take advantage of our guest program today. Join us at an upcoming ISSA Meeting. You will have the opportunity to enjoy presentations on pertinent industry topics, connect with practicing professionals, learn about future chapter activities and earn CPE credits. You will also receive a complimentary copy of the ISSA Journal. Please visit the following link
Sample an ISSA meeting before you join Read More »
