The Payment Card Industry Data Security Standard: What’s new in v3.2?

I have tweeted a link to this article previously, but it is worthwhile and bears repeating. Jeff Man has done an excellent job recapping not only the changes found in DSS 3.2 but also the timing implications. This is required reading for everyone striving to maintain compliance as a merchant or service provider.

http://www.tenable.com/blog/the-payment-card-industry-data-security-standard-what-s-new-in-v32

BSides San Francisco 2016 Highlights – Day Two

I am a strong supporter of BSides and am particularly sad that I am not in San Francisco participating this year.  I am also sending a shout out to Jeff Man of Tenable and his presentation.

http://www.tripwire.com/state-of-security/off-topic/bsides-san-francisco-2016-highlights-day-two/

Is cyber insurance your last line of defense?

I was fortunate enough to work with Jeff a couple of years ago while he was still at AT&T. He was an excellent QSA and I quickly learned to value his opinion on several fronts in the realm of IT security. I believe he is on point in this article concerning cyber insurance. There is significant due diligence that must be performed beyond the potential checkbox of insurance and/or liability diversion. Cyber insurance certainly has value, especially in terms of cost offsets for public relations needs associated with a breach, but it is not a magic bullet. It should be considered one tool in the cyber security toolbox.

http://betanews.com/2014/11/17/is-cyber-insurance-your-last-line-of-defense/