This piece was originally published with the Advanced Persistent Security Blog here: My CISSP Success Story. LAYING THE FOUNDATION: I have worked very hard for every academic success I have achieved. For some people, excelling at school work and acing exams came easily, sometimes with little to no preparation on their part. But, …
Book Review: The Book of Five Rings
One thing I have noticed about great leaders, regardless of their industry or occupation, is that they are voracious readers. I am not great, but I am constantly working to get better. I started to get into audiobooks for my long drives and runs, but I had a hard time keeping track of notable quotes …
Vendor Management in the Spotlight
What’s with the scrutiny? Anyone who has undergone any sort of audit knows that your Vendor Management process is going to come up. Why do these pesky auditors keep asking these questions? What does it matter what sort of monitoring we perform? Why do we need a formal process to review contracts for specific clauses? …
New PCI MFA Guidance
On February 9, 2017, the PCI SSC released a new Information Supplement, Multi-Factor Authentication, with the intent to aid Organizations in meeting Requirement 8.3. One interesting quote in the document’s Overview: While PCI DSS Requirement 8.3 does not currently require organizations to validate their MFA implementation to all the principles described in this guidance document, these principles may …
PCI Scoping Guidance
Back on Friday, December 9, 2016, the Payment Card Industry Security Standards Council (PCI SSC) released a new Information Supplement, Guidance for PCI DSS Scoping and Network Segmentation. The purpose of this Supplement was to provide some clarification on how an Organization can implement network segmentation controls to minimize the scope of systems covered by …