Security, Security, Security: or PCI and PA-DSS on the mind
For those who have not been there, the inline photo is of the pool in Glenwood Springs, CO. Simply lovely (particularly at night) and surrounded by a veritable treasure trove of odd little restaurants and stores. Merchants that would be classified, by even the most aggressive ISO attempting to bolster rates, as level 4 make up a fair portion of the Glenwood economy.
That is, I suppose, the reason that I spent much of the trip thinking about security. Yes, I am that guy.
In fact, I was so intrigued by the “actualizing” of the concept of the applicability of security standards to the littlest of merchants that I spent some time discussing security with a few of the locals. Yes, I am also that guy.
The response was, as you can imagine, mostly bewilderment. The conversations ranged from “PCI. What the *insert colorful language* is that?” to “I never had a problem before. No one takes the card impressions I store under the counter.” To be fair, there was one outlier who actually referred me to a manager to discuss their information security policy and the protections they had in place. It was my impression the owner spent some time in the InfoSec space with the government prior to opening an establishment.
All told, the discussions were compelling enough that I’m going to spend a fair amount of time discussing the topic of security on the blog for the next week or two. In particular, I’m going to focus on industry trends, methods of alleviating the compliance burden, and random observations about security in general.
With that said, I encourage you to add a few blogs to your blogroll (at least if you are as intrigued by the topic as I). They appear below in no particular order:
If you have other blogs to recommend, I would appreciate the advice.
What’s your perspective? Agree? Disagree? Anything to add? Critiques?
November 7, 2008