
Category Archive for 'Compliance'

The compliance market

A known and mostly accepted axiom in security is that the people doing something should not also be the ones to verify and accredit it. This is to make sure that a solution is not flawed or intentionally sabotaged. This principle holds true in many cases, but as it turns out this is not always true for the market […]


BCM as a service

I got quite a few responses regarding PCI DSS as a service, some interesting, some rather insulting from other security consultants. Apparently ‘Survival of the fittest’ is not mandatory literature anymore. 😉 Looking at the possibilities of Compliance as a service, I started to look at BCM, Business Contingency Management. One of my colleagues, Hans […]


Starting your own company is always an interesting challenge, especially when you have ideas that are not so common in the industry. Our core service is PCI DSS as a service; sounds simple enough? Quite a few clients have been intrigued by what it actually means and how to implement it. PCI DSS as a service […]


Compliance and old infrastructure

During my years working with compliance, one thing that has become very obvious is the hard work needed to get old infrastructure compliant, while new infrastructure is like having an ice cream in the sun. I recall working at a client many years ago where we were arguing about whether an old till system should be upgraded […]


Compliance and compliance

I have recently started to create a generic compliance architecture for all types of compliance. As you can easily understand, I immediately ran into some problems. The obvious one is of course that some compliance schemes focus on confidentiality, like HIPAA and PCI DSS, while others focus on integrity, like SOX. Another challenge in compliance is not […]


Today I had a chat with one of my favourite security consultants in the UK. He told me this amusing story about a company where he was supposed to implement Encase Enterprise Edition. When having a meeting with the network guys about pushing out the software like any other software, the network guys immediately said: ‘No, […]


Two years back I read about 3D printing of keys and concluded that it more or less changed the game for the concept of keys. Gladly (or sadly) the world moves forward, and new innovative uses of 3D printing have emerged. Entering the scene: 3D-printed ATM skimming devices, ready straight from the printer. An ATM-skimming device […]


Having worked with security and compliance schemes for many years, I still find it very challenging to justify why a client should invest in fulfilling any type of compliance, besides the obvious reason: you have to. But as everyone knows, a rule consists of three parts: the rule, the monitoring of rule fulfillment and the […]


What is a CDE?

Working with PCI DSS means that you get used to several acronyms flying around in documentation. One of those is CDE, standing for Card Data Environment. CDE is mainly used within PCI DSS to describe where card data resides, so any server containing card data is within the CDE. All servers touching this server and is […]


Credit card security checks

Shopping is always an experience in the US. With the dollar at an all-time low from a Swedish perspective, it is even more interesting to look into every store you can find. Adding to that a very keen interest in PCI DSS and its applications, I do understand why PCI DSS was started in the US. Looking into […]
