January 2009
6 posts
A BRIEF ARGUMENT FOR PCI DSS (OR ALEX’S 5S’S FOR... →
Real quick: It might be worth noting that I wrote this the weekend before Heartland was announced.
So I was reading this excellent article on Taiichi Ohno and the Toyota Production System over…
The Source of PCI DSS “Failure” →
This is somewhat of a follow-up to my post on changing our attitude towards how we might best protect consumers who use credit cards.
In FAIR, there are three types of contact that drive the…
Maturity & Measurement Redux →
My friend Mike Rothman had some fun things to say about this post I made last year in his recent insight. Love ya Mike, but I have to respond in kind.
“I’ve used the saying, “when all you have…
Using The Compliance Stick Actually Weakens You →
Anton is the “PCI Guy” (sorry, not sure of his real title) at Qualys. If you haven’t seen them yet, he’s got some pretty ranty posts about PCI up. Which are awesome. In his most recent post he…
A Couple of Links on Risk & Decision Making →
First, I wanted to point you over to Chris’ Risktical blog. He’ll be doing a FAIR analysis over there that looks interesting. It’s nice that Chris is dedicating his time on this, given the…
Thoughts on ISO 27005 →
First, many readers sent us the New York Times/Slashdot “Risk Management” link. Thank you!
The beginning of a reasoned response was written by Aleks on Andrew Gelman’s blog (…