Posts

Showing posts from November, 2012

PCI Compliance Book Giveaway!

OK folks, our PCI Compliance book has been out for a couple of months now, and Branden & I thought it would be fun to give away a couple of copies with a contest! We have assembled a group of three independent judges who will take a whittled-down list and pick winners for each competition. The winner will receive a free, signed copy of the book! So, on to the first contest. Our book attempts to draw a middle line between the black & white “audit” style of looking at PCI DSS and the loosey-goosey, anything-goes view. We want to take a compliance-friendly, practitioner's line. But we’ve all been in those meetings when you look at a particular defense of a control (or lack thereof) and you can’t help but laugh a little bit at the ridiculous nature of what was presented. So our first challenge to you: in the comments below, please tell us about your MOST HILARIOUS PCI FAIL. You’ve got a week (until the end of Wednesday, November 21st), and we will announce the winners after ...

Monthly Blog Round-Up – October 2012

Here is my next monthly "Security Warrior" blog round-up of the top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version, and, yes, I know it needs another update). “On Choosing SIEM” is another old classic (from 2010) that shows up on my top list; it covers some tips on choosing SIEM tools. “Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm in 2009-2011. My PCI DSS Log Review series is popular as well. It actually needs no introduction. SIEM use cases (however they are defined) seem to be on a lot of minds, and so the “SIEM Bloggables” post (and this one too) is on my top list. In addition, I’d like to draw your attention to a few posts from my Gartner blog: Current DLP research: DLP and/or/for/vs Data Security...