PCI

Credit Card Breaches: The times they need a changin’

If my blogging about credit card breaches has a bit of a deja vu feel to it you're not crazy, I last touched on it less than six months ago.  Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again.   For those of you keeping score...

Anyone remember the Heartland breach?

Two weeks ago news broke about a huge, massive leak of credit card information from a processor called Global Payments and I braced for a firestorm of media coverage that was sure to follow.  Two weeks hence and it's pretty much a non-event.  A few days ago the State of Utah reported a breach of...

GRC presents a broad spectrum; is it too broad?

In early 2004 I co-authored my first Sarbanes-Oxley (SOX) controls framework for a client.  Just about the entire thing required manual testing that, if everything worked as planned would require a full-time resource to support.  About thirty seconds after submitting the framework draft to the...

My bank card was compromised.

Two weeks ago, about two hours before departing on a long weekend trip to welcome back baseball in Florida I received an email from my bank indicating that there's been suspicious activity on my Visa check card and that it's been suspended.  Considering that under normal conditions I think my...

Why I don’t trust hosted or SaaS solutions.

Let me begin by sharing a story from the way back files.   In the mid 80’s when I was first starting out in my career I was working as a junior programmer in Manhattan.  Courtesy of playing on the corporate softball team I became acquainted with a fairly diverse group of...

Does everyone value their privacy or is it just me?

I just came to find out that I’m old.  It was somewhat sudden and sort of unexpected as I’m not quite half way to one hundred and have fooled myself into thinking that old doesn’t roll in until somewhere beyond sixty.  But apparently one persons middle-aged...

Is new guidance really new or worth waiting for?

Oh how the times have changed.  Once upon a time I was part of a group of peers who waited for new album releases, camped out over night for concert tickets and once even waited on line for the annual release of Strat-O-Matic's baseball set (perhaps the nerdiest thing I've ever done).  And all of...

GRC is about to see its future.

      0 Comments     RSS Feed     Email a friend

December 28, 2010  8:55 PM

Risk versus reward: Data warehouses and the cloud

Posted by: David Schneier
assessment, Audit, cloud, cloud computing, data security, data warehouse, GLBA, PCI, regulatory, Regulatory Compliance, SOX

It's a popular time of the year for people like myself who publish any form of content to either reflect on the year that was or make predictions on the year that's to be. Confidentially those are typically easy pieces to write and I'm generally happy to take advantage of such opportunities....

      0 Comments     RSS Feed     Email a friend

December 10, 2010  6:45 PM

Year-end begets regulatory compliance audit panic

Posted by: David Schneier
assessment, Audit, FFIEC, GLBA, PCI, red flags, red flags identity theft, regulatory, Regulatory Compliance, Security, security awareness, SOX

Sometime back in August I blogged about addressing outstanding compliance tasks before the year's end. We see it every year in my practice: Compliance  and security folks wake up sometime right around now in a bit of a panic and realize that they're about to miss hitting on certain key regulatory...

      0 Comments     RSS Feed     Email a friend