Posts

Showing posts from December, 2012

PCI Compliance Book Giveaway #2

OK folks, our PCI Compliance book has been out for a few months now, and Branden & I thought it would be fun to give away a copy with another contest! We have assembled a group of three independent judges who will look at the submissions and pick winners for each competition. The winner will receive a free, signed copy of the book! In fact, it would be one of those rare “dual-signed” copies with both of our signatures (and the book will have to travel from TX to CA – or from CA to TX – for this). So, on to the second contest (first one). Our book attempts to draw a middle line between the black & white “audit” style of looking at PCI DSS and the loosey-goosey “anything goes” view. We want to take a compliance-friendly and security-friendly practitioner's line. However, sometimes even a compliance guy has to be CREATIVE! So here is our second challenge to you: in the comments below, please tell us about the MOST CREATIVE PCI DSS CONTROL you implemented, assessed or even witn...

PCI Compliance Book Giveaway–Results

Our PCI Compliance Book Giveaway has ended – with a bang! The winning entry (submitted here) is below: "Hilarious in a sad way, the worst PCI fail I ever had was getting solicited by a Wedding / Bridal catalog company to assist them in improving their online ordering and bridal catalog subscription service. I had no contract with them, this was just a preliminary "Let's see what we can do for you." They sent us their website, and also e-mailed me a copy of their site's source code. In the source code was an SQL dump of over 7 years of brides' personal information including names, addresses, birthdays, and FULL credit card numbers, expiration dates, CCVs, card type, phone numbers, email addresses, and unencrypted passwords. In shock of seeing this, I called the potential client, said we couldn't help them and deleted the data as completely as I could. Eek!" The winner, “James P”, please mail your address to authors@pcicompliancebook.info and we wil...

Monthly Blog Round-Up – November 2012

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version, and, yes, I know it really needs another update). “PCI Compliance Book Giveaway!” announces our new contest and its prize – The PCI Compliance book. We will announce the winner any day now. My classic PCI DSS Log Review series is popular as well. The approach is useful for building other types of log review processes and procedures, whether regulatory or not. “On Choosing SIEM” is another old classic (from 2010) that shows up on my top list; it covers some tips on choosing SIEM tools. “Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm in 2009-2011. In addition, I’d like to draw your attentio...