Archive for December, 2009

McAfee Mishap!

December 30th, 2009

Most of you know that I run a Mac as my primary work laptop these days, but I was issued a new Windows Vista machine by my company. So one of the things Windows is good for (and there aren’t too many) is that it can run one of my favorite tools: Netwitness Investigator.

Here’s what happens when you forget that your corporate-managed AV solution is running on your laptop and you run a scan…

[Image: mcafee-boo]

You lose your malware analysis collection. :-(

Shazbot!

Compliance Complacence Thoughts…

December 22nd, 2009

So I am in the middle of working on a rather large project at the moment, and in the course of my work, I am constantly barraged with the notion that to achieve corporate goals associated with security we must meet regulatory compliance, especially PCI (Payment Card Industry… not peripheral component interconnect) compliance.

Before anyone gets upset with me, let me state that I think that the PCI-DSS is a well thought-out and clearly articulated set of standards that are good to measure a company’s approach to securing their customers’ data against. Unfortunately, there are those who believe that the height of the security pinnacle is passing a PCI audit, and that if this can be achieved, no further spend or effort is required.

Pointing out that companies like Hannaford were, in fact, PCI compliant during the time of their breaches seems to do little to sway the proper folks.

So my approach has been to speak to PCI as if it is a baseline, rather than a high bar.

117,000 California Unemployment Checks In Limbo Because of State’s IT Systems Problems

December 10th, 2009

As a follow-on to my last post… here are the results nearly two weeks later.

So much for a green status in that project management report, eh?

117,000 California Unemployment Checks In Limbo Because of State’s IT Systems Problems

Unemployment Systems Across The US Having Trouble



(Via IEEE Spectrum.)