http://www.cutawaysecurity.com/blog/archives/427 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Wed, 02 Jun 2010 22:30:56 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://www.cutawaysecurity.com/blog/archives/427/comment-page-1#comment-31085 Security Ripcord » Blog Archive » Canary in the Spam Mine Wed, 11 Feb 2009 05:55:15 +0000 http://www.cutawaysecurity.com/blog/?p=427#comment-31085 [...] Recent Comments Sandro Süffert on Leasons from GSP vs. BJ UFC FightDanny on Canceling Monster.comSecurity Ripcord » Blog Archive » Canceling Monster.com on Education and CertificationsSecurity Ripcord » Blog Archive » Canceling Monster.com on Cutaway Security LinkedInPCI-DSS Is Not About “Security by Obscurity” « Risktical Ramblings on Root Cause and Following Actions [...] [...] Recent Comments Sandro Süffert on Leasons from GSP vs. BJ UFC FightDanny on Canceling Monster.comSecurity Ripcord » Blog Archive » Canceling Monster.com on Education and CertificationsSecurity Ripcord » Blog Archive » Canceling Monster.com on Cutaway Security LinkedInPCI-DSS Is Not About “Security by Obscurity” « Risktical Ramblings on Root Cause and Following Actions [...]

]]> http://www.cutawaysecurity.com/blog/archives/427/comment-page-1#comment-31078 PCI-DSS Is Not About “Security by Obscurity” « Risktical Ramblings Sat, 24 Jan 2009 16:27:43 +0000 http://www.cutawaysecurity.com/blog/?p=427#comment-31078 [...] cause analysis” (RCA) in cases of payment card related events and or incidents (read blog post by Don C. Weber – “get [...] [...] cause analysis” (RCA) in cases of payment card related events and or incidents (read blog post by Don C. Weber – “get [...]

]]> http://www.cutawaysecurity.com/blog/archives/427/comment-page-1#comment-31076 Chris Hayes Sat, 24 Jan 2009 13:50:09 +0000 http://www.cutawaysecurity.com/blog/?p=427#comment-31076 I hope this does not distract from the spirit of your post, but your thoughts are applicable when it comes to some of the PCI requirements. Of course, there is the aspect of validating that the detect and response controls are effective - but the spirit of the "detect and respond"-related PCI requirement security controls are to facilitate RCA and hopefully minimize exposure. I hope this does not distract from the spirit of your post, but your thoughts are applicable when it comes to some of the PCI requirements. Of course, there is the aspect of validating that the detect and response controls are effective – but the spirit of the “detect and respond”-related PCI requirement security controls are to facilitate RCA and hopefully minimize exposure.

]]>