Friday, September 23, 2011

Cloud HELP NEEDED: Cloud PCI Class Trainer(s)!

Are you proficient in BOTH PCI DSS compliance and cloud computing security? If yes, you can help Cloud Security Alliance as well as build your security reputation AND make some money in the process!

Here is how: a few months ago, when I was still consulting, I created a comprehensive full-day class on PCI DSS and cloud computing. More information is here and a brief description is pasted below:

“The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios.

The class would be most useful to PCI DSS QSA, organizations offering PCI DSS consulting as well as merchants planning or implementing PCI compliance.”

At this point, I am unable to teach the class due to my employment. CSA is looking for instructors to teach this class in various locations.

Please contact me offline and then I will share the current class materials privately as well as explain what this work entails (and connect you to the right people at CSA).

Finally, if you are only CURIOUS about PCI and/or cloud, please save the time you'd otherwise spend typing an e-mail to me….

Saturday, September 03, 2011

Monthly Blog Round-Up – August 2011

Here is my next monthly "Security Warrior" blog round-up of the top 5 popular posts/topics this month.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing.

  1. “The Last Blog Post!” is obviously BY FAR the most popular post in August. It announces my departure from the consulting business in order to join Gartner as a Research Director with the SRMS team.
  2. “Top 10 Criteria for a SIEM?” is an EXAMPLE criteria list for choosing a SIEM. Also see “On Choosing SIEM”, which is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.
  3. “On SIEM Services” is a quick overview of services that you really should be getting with that SIEM purchase.
  4. “Log Management at $0 and 1hr/week?” is pretty much what it is. How to do log management under extreme budget AND time constraints?
  5. A very old post (2009), “Log Management + SIEM = ?”, is about architecting SIEM together with log management.

Also see my past annual “Top Posts” (2007, 2008, 2009, 2010).


Dr Anton Chuvakin