Defense Rests
Information Security without tears or apology.

Unethical Security Professional is a contradiction in terms

HBGary, professionalism
This is a post I never thought I would write. That I never thought I would have to write. Let me start with a quote from the CISSP Code of Ethics ...

Something different: An information security parable

Usually, when we write about risk management, we talk about money. Lots of risk has to do with money, so that makes sense. But there's something lost, as well. This occurred to ...

PCI III: Addressing the Criticisms of the PCI DSS – Scope of Protection

In Part II of my PCI series, I listed the criticisms of the PCI DSS I’ve heard to date and asked for readers to add to the list. Nothing’s been added to ...

Governance Part 4: Standards

We’ve covered how management uses policies to govern an undertaking, whether that’s a business, a household, or one’s career. Today we’ll continue the Governance series with a look at standards and how ...

PCI II: Criticisms of the PCI DSS

Having given a very brief explanation of the PCI DSS standard and how the credit card industry manages its risk by requiring merchants who want to accept credit cards to adhere to it, ...

Compliance: PCI in a very small nutshell

Disclosure: I am certified as a Payment Card Industry (PCI) Qualified Security Assessor (QSA). I am frequently paid to perform PCI audits, to advise people on how to fill out their Self Assessment ...

Managing Risk Through Acceptance and Assignment

Last week, we looked at risk mitigation. If you do something to reduce your vulnerability to a threat, or the impact of that threat, the risk goes down. Your personal firewall, your ...

Risk Management: Risk Mitigation

Last week, I started talking about risk management by talking about how it relates to something as mundane as forgetting your car keys. I’m going to stick with that analogy as we ...

Governance Part 3: Policies

In Part 2, we discussed the Missions, Visions, and Charters, which define a task, lay out an overall strategy for accomplishing that task, and authorize someone to do it. Today, we’ll discuss ...

Risk management example: my tire

I was going to continue the governance series today by writing about policies, but I had the idea to use my last few days to show how theory turns into practice. In particular, ...