Recently, the PCI Security Standards Council provided QSAs with a preview of some upcoming changes to the Data Security Standard (DSS) regarding the use of Secure Sockets Layer v3.0 (SSL) and its suitability for protecting payment card data. Since then, our QSA team has been awaiting an official pronouncement to clarify the scope and impact of the proposed changes.
A good assessment should take the entirety of the risk environment into consideration (think about supporting systems, vendor management, emerging malware, etc.) and not focus narrowly on one type of data, environment, or system. Bottom line: Use compliance to steer your IT direction, but always check your blind spots.
Let’s get something straight – IT security is like fighting a war. A defensive war. A war of attrition. Really evil bad guys, really nasty consequences. And, like in war, soldiers might be on the front for many months with no sign of activity followed by huge battles overnight. Some get no respite.
And in this IT security war – we are fighting without a strategy!
Monika Morrow will be speaking at Bugcrowd Bug Bash during OWASP Bug Week tomorrow Wednesday December 10, 2014 7:00pm at Bugcrowd HQ in San Francisco.
Training is essential to the secure development life-cycle and the advancement of trustworthy computing.
Robert Imhoff will be speaking at (ISC)2 Security Congress at the upcoming 2014 conference to be held September 29th - October 2nd in Atlanta.
AppSec Consulting will be exhibiting in the Vendor Showcase at the 2014 North American PCI-SSC Community Meeting in Orlando, FL. The meeting runs from September 9-11; we hope to see you there...
AppSec Consulting Sponsoring theSummit EFF Fundraiser