
Tag Archives: PCI

How to Define “Connected Systems” to the PCI Cardholder Data Environment (CDE)

While the Payment Card Industry (PCI) Data Security Standard (DSS) arguably does a better job than most standards in defining scope, there is one part of the DSS that needs to be clarified. The DSS determines scope in terms of “system components,” which it defines as follows. The PCI…

PCI DSS v1.2: Will the New Standard Miss the Mark?

With the imminent release of version 1.2 of the PCI standard, I feel like the new version may miss the mark and not bring the improvements some people had hoped for. The PCI Council released a document detailing the changes that will be made to the standard, and I feel several important security…

Down the PCI Rabbit Hole in Search of Better Risk Measurements

Decision-making is often a product of risk assessment and prioritization. Currently, I have several deliverables pending for work, a carpentry project at home and this article to write. As I decide which to address, I quickly, and in many cases unconsciously, analyze what I am placing at risk…

So Why Do We Need Security Professionals, Anyway?

So, why do we do what we do, and what if we couldn’t do it anymore? I have reinvented myself so many times over the years that anyone reading my curriculum vitae would imagine I was the victim of identity theft. Stints in the Teamsters, Longshoremen, and building unions have given me my cultured…

Crossing the Metrics Rubicon: Quest for the Perfect Measurement

Security metrics represent a great untamed wilderness for organizations trying to determine both their risk profile and the effectiveness of the resources they have allocated to their security program. When I first became a security person after a career managing customer service, finance, and…