Thursday, November 15, 2012

PCI Compliance Book Giveaway!

OK folks, our PCI Compliance book has been out for a couple of months now, and Branden & I thought it would be fun to give a way a couple of copies with a contest! We have assembled a group of three independent judges that will take a whittled down list and pick winners for each competition. The winner will receive a free, signed copy of the book!

So, on to the first contest.

Our book attempts to draw a middle line between the black & white “audit” style of looking at PCI DSS and the loosey-goosey anything goes view. We want to take a compliance-friendly, practitioners line. But we’ve all been in those meetings when you look at a particular defense of a control (or lack thereof) and you can’t help but laugh a little bit on the ridiculous nature of what was presented.

So our first challenge to you, in the comments below, please tell us about your MOST HILARIOUS PCI FAIL.

You’ve got a week (until the end of Wednesday, November 21st), and we will announce the winners after the US Thanksgiving holiday!

It doesn’t matter if you comment here or on Branden’s blog, we will capture all of them.

Thursday, November 01, 2012

Monthly Blog Round-Up – October 2012

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:
  1. Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version, and, yes, I know it needs another update)
  2. On Choosing SIEM” is another old classic (from 2010) that shows up on my top list; it covers some tips on  choosing SIEM tools.
  3. Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011.
  4. My PCI DSS Log Review series is popular as well. It actually needs no introduction.
  5. SIEM use cases (however they are defined) seem to be on a lot of minds and so “SIEM Bloggables” post (and this one too) is on my top list.

In addition, I’d like to draw your attention to a few posts from my Gartner blog:

Current DLP research:

Recent SIEM research:

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

Dr Anton Chuvakin