If you deal with security and especially credit cards it’s worth spending an hour or two to read the 2014 Data Breach Investigation Report and the 2014 PCI Compliance Report. Lots of interesting stuff in them. The PCI report in particular calls out some of the changes in DSS v3 – I promise some of […] Read more "Verizon PCI and Data Breach Investigation Reports"
Over the past week, information has finally been coming out about how the Target breach occurred. This write-up in Wired and another by Brian Krebs point back to a compromise in the Point of Sale (POS) system by malware that does ‘memory scraping’. Interesting. Typically POS devices are assumed and certified to be […] Read more "More On The Target Breach"
Possibly as many as forty million credit cards used at Target were compromised. A staggering breach and a cautionary tale – anyone can get beat, even a mega corp with close to unlimited resources. My guess (no inside scoop) is that the Target IT team has had their world turned upside down – they failed (directly […] Read more "Some Thoughts on the Target Breach"
I’ll be presenting PCI for the SQL DBA today at 1 pm EST for the PASS Security Virtual Chapter. Depending on where you live you can take an early, on time, or late lunch to join me for an hour. It’s an interesting topic! Read more "Learn About PCI Today"
I’ll be doing my PCI for the SQL DBA presentation on August 8th at 1 pm Eastern for the PASS Security Virtual Chapter. Visit the chapter page for more info, or you can register directly for the webinar. Hope you’ll attend! Read more "Presenting PCI for the SQL DBA on August 8, 2013"
I’m leaving mid-morning today to drive to Cocoa with my family for a beach weekend and SQLSaturday #231. I’ll be presenting PCI for the SQL DBA and I’m really looking forward to it. I did a virtual presentation of it earlier this month and it ran long, so I’ve made some adjustments and can’t wait […] Read more "Headed to Cocoa for SQLSaturday #231"
I’ll try to write more about these over the next couple months, but I wanted to write down a quick reference for those that have to deal with storing credit card numbers. These rules cover the basics – the full topic of protecting card data is easily a book or two. These are my rules, […] Read more "The SQLAndy Rules for Storing Credit Card Numbers"
Next week I’ll be doing a new presentation about PCI compliance – aka dealing with credit cards – online (follow this link for free registration). My goal is to put PCI in perspective for DBAs, starting with a quick overview of what PCI is, then discussing how audits work, and then some information about what […] Read more "PCI Compliance Presentation on July 17, 2013"
I’ll be attending the very first SQLSaturday held in Cocoa Beach on July 27, 2013, and doing a brand new presentation, PCI for the SQL DBA. If you store, plan to store, or think you might some day store credit card information come spend an hour with me. I’ll try to talk you out of […] Read more "Presenting at SQLSaturday #231 in Cocoa Beach"