Regulatory Reality:

July, 2009

July 30, 2009  6:26 PM

Reports: MasterCard institutes new PCI fines

Marcia Savage

MasterCard apparently is continuing to up the ante when it comes to PCI compliance.  There are reports this week that the company has instituted new fines for merchants that are non-compliant with the PCI Data Security Standard. Branden Williams, PCI practice director at VeriSign, wrote about

July 27, 2009  8:56 PM

Let the FDIC lead the way!

David Schneier

I can’t think of any more telling comment about where I am in my professional life than what I’m about to offer:

Sheila Bair rocks!

If you don’t know who she is, well, shame on you.  Because...

July 17, 2009  1:58 PM

Does compliance equate to secure?

David Schneier

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...

July 8, 2009  3:45 PM

How’s about a federally mandated Information Security Assessment?

David Schneier

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...

July 2, 2009  2:53 AM

2 for 1 sale: How governance leads to compliance.

David Schneier

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...
