Comments for In Defense of Data

Comment on Practical Risk Management – Part 2 by Today’s Links May 6, 2012 :: The Innovation of Risk

Today’s Links May 6, 2012 :: The Innovation of Risk — Sun, 06 May 2012 07:31:30 +0000

[...] Practical Risk Management – Part 2 | In Defense of Data Companies can implement best practices for practical risk framework by ensuring it offers actionable, qualitative insight, is process-focused and can be …www.indefenseofdata.com/…/practical-risk-management-–-par… [...]

Comment on Practical Risk Management – Part 1 by Practical Risk Management – Part 2 | In Defense of Data

Practical Risk Management – Part 2 | In Defense of Data — Tue, 01 May 2012 18:35:30 +0000

[...] part one of the series I explained why information security programs should include practical risk management as a key [...]

Comment on Practical Risk Management – Part 1 by Today’s Links April 1, 2012 :: The Innovation of Risk

Today’s Links April 1, 2012 :: The Innovation of Risk — Sun, 01 Apr 2012 07:33:34 +0000

[...] Practical Risk Management – Part 1 | In Defense of Data It is time for information security to leave the nest of the data center. Consumerization and the cloud in all its forms and definitions have moved critical and.www.indefenseofdata.com/…/practical-risk-management-part-… [...]

Comment on Practical Risk Management – Part 1 by Paul Tobia

Paul Tobia — Thu, 29 Mar 2012 21:05:20 +0000

Hi Shane, Thanks for your comment and the feedback!

Comment on Insider Data Theft: When Good Employees Go Bad by Data Breach Costs Rise for Australian Organisations, Reaching $2.16 Million Per Incident in 2011 | impulsegamer.com

Thu, 29 Mar 2012 09:51:40 +0000

[...] Blog Post: Insider Data Theft: When Good Employees Go Bad [...]

Comment on Practical Risk Management – Part 1 by Shane

Shane — Thu, 29 Mar 2012 01:36:15 +0000

Heya

Being able to elucidate and communicate risk is essential regardless of whether the issue is Security in the sense of Firewalls and malware, or Security in terms of information redundancy and recovery.

This has been a high priority for myself personally for more than a decade now, though I will admit that my early attempts at communication involved a significant learning curve.

Hopefully these will assist others in getting past the initial parts of that curve and well onto the path of being able to communicate the issues clearly.

Looking forward to the rest of the series

Comment on The Well-Meaning Insider: Who, Why and How by Ten Ways to Help Your Customers Get Serious About Passwords - Laptop Repair – What You Need To Know To Repair Laptops!,PC Fix | Expert Computer Repair ,Laptop Repair Help,RepairLabs

Mon, 19 Mar 2012 22:42:56 +0000

[...] address, etc are very insecure methods for choosing passwords. Cyber thiefs know that people choose paths of least resistance when making passwords and in turn exploit this very easily. Don’t merely implement [...]

Comment on The Well-Meaning Insider: Who, Why and How by Ten Ways to Help Your Customers Get Serious About Passwords » HD Network Technology Blog

Mon, 19 Mar 2012 14:54:10 +0000

Comment on The Well-Meaning Insider: Who, Why and How by Y.L. PC Repairs and Services » Ten Ways to Help Your Customers Get Serious About Passwords

Mon, 19 Mar 2012 06:32:50 +0000

Comment on Addressing “Requirement 0” – Finding Cardholder Data by Michael Garvin

Michael Garvin — Fri, 09 Mar 2012 18:47:09 +0000

Miguel, thanks for your question. As with any consideration of scope and PCI DSS compliance you should talk with your QSA, acquirer and/or card brand(s) about the specifics of your environment, but I can offer the following. You are correct – by having full PAN the file and procedure would be part of the CDE and in scope for PCI DSS compliance. As you pointed out this would not necessarily be considered in scope, however, if (a) appropriately truncated cardholder data was used, and (b) appropriate segmentation existed between these and the source of the truncated data.