Only 7 seats left for eGRC Conference in Portland Maine, I'll be there.

As I mentioned in a recent post, I'll be at the eGRC Conference in Portland, Maine, June 12 - 14. I just got word that there are just 7 seats left!

Get your >DISCOUNT REGISTRATION CODE HERE<

 


I'm teaching a few sessions @ eGRC Conference in Portland Maine June 12 #PCI & #Mobile Device Security

Session 1:  PCI - Precarious, Contextless, and Inconsistent

For years the payment card brands have been trying to shore up the security posture of their merchants by enforcing the requirements we all know as the Payment Card Industry Data Security Standard. It's a great idea, but the execution of this plan has been less than ideal and leaves many organizations focusing on the wrong thing when it comes to risk management.  

Many organizations are more afraid of Auditors than they are of Attackers, and this should not be the case.  Time and money have been wasted with limited return on investment and little to show in the area of risk reduction.  In this talk, Ken will discuss some of the problems with the PCI ecosystem that result in wasted time and money, bad QSAs, and the dangers of an exclusive focus on being 'compliant.'  We will also discuss how to address some of these challenges and the best ways for your organization to deal with the expectations of the PCI DSS standard.

Session 2:  Mobile Devices: Keep Your Data Moving With You, Not Away From You 

(For this session I'm co-presenting with Andy Robinson)

In this session we will discuss how to utilize mobile devices to empower your organization while maintaining security and regulatory compliance. By 'mobile devices,' we refer to 'smart phones,' tablets, and laptop and notebook computers. Concerns over the security of mobile devices echo those over wireless networking 5-10 years ago, and the Internet 12-20 years ago. Mobile devices are the latest evolution in a trend toward continuous, global connectivity. This session will address the three links in the mobile device security chain: the device itself, the communications channel (3G, 4G, WiFi, etc.), and the repository (whether that be a server on your network or in the cloud), and how appropriate controls placed at each of those links can substantially reduce the perceived risk of mobile devices.

Event info:

EGRC is an attendee-driven educational conference. The content, speakers, and format of the conference are determined by attendee needs and feedback. EGRC offers the same outstanding value as the CISB and EITC conferences: between 2003 and 2011, the CISB and EITC conferences received an average attendee rating of 4.85 out of 5 for value, educational content, location, venue, and speaker quality.

The main event site is here:  http://www.nmi.net/EGRChome.html

To get your discount registration code (10% off) go here

http://www.greenpages.com/news-events/events-webinars/egrc-conference/


What I now do to help reduce payment card fraud when I eat out #PCI

If you closely review your card statements and need to track receipts for expenses, then you may have experienced this firsthand. The scam is that the wait staff adjusts the tip and the total amount of your check by making small "additions" to your writing after you leave. This has happened to me more than once. I had someone at a restaurant in Fort Worth do this for an additional 50 cents. Seriously.

What I now do is to write out the amount below the total and above the signature. I actually don't know if it will help but I have not had to deal with another instance of this type of fraud since I started doing this.  It will be pretty clear looking at the receipt if the numbers don't match the words.  And, in my opinion, more defensible when you need to call and refute an overcharge.  Another thing I do is to take a picture of the completed and signed receipt.  

A while back I wrote about tips on protecting your payment card when making retail purchases.  Check them out and let me know if you find them helpful. 


 


In case you haven't seen it yet, me on Cloud CORNER talking about vulnerability testing

Please check it out and let me know what you think.  Also, we are looking for more topics/questions to answer on Cloud CORNER. 


NHL Chopper by Orange County Choppers

I got to check this bike out tonight. If you would like to see it for yourself, it's at Old Time Sports at the North Shore Mall in Peabody MA.


"Untitled Fragile Machine - 1997" - at MIT Museum

Taken at the MIT Museum with an iPhone 4S. 


Look what I see on the roof at the Stata Center at MIT. EXTERMINATE! #dalek


Dalek on the lookout. Someone better contact Torchwood.
