PCI 2.0: Still Compromising Controls and Compromising Security

Video in TIB AV-Portal: PCI 2.0: Still Compromising Controls and Compromising Security

Formal Metadata

Title
PCI 2.0: Still Compromising Controls and Compromising Security
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2013
Language
English

Content Metadata

Subject Area
Abstract
https://www.defcon.org/images/defcon-19/dc-19-presentations/PCI-PANEL/DEFCON-19-JackDaniel-PCI-2-PANEL.pdf

Building on last year's panel discussion of PCI and its impact on the world of infosec, we are back for more, including "actionable" information. Having framed the debates in the initial panel, this year we will focus on what works, what doesn't, and what we can do about it. Compliance issues in general, and PCI-DSS in particular, are driving security in many organizations. In tight financial times, limited security resources are often exhausted on the "mandatory" (compliance) at the expense of the "optional" (actual security). We will focus on the information needed to reconcile these issues, and encourage the audience to continue the discussion with us.

Jack Daniel is old, and has a Unix Beard, so people mistakenly assume he knows stuff. He still makes no attempt to correct this gross misunderstanding. Jack has proven himself to be an inciteful moderator on compliance topics. He has many years of network and systems administration experience, and a bunch of letters after his name. Jack lives and breathes network security as Product Manager for Tenable.

James Arlen, CISA, sometimes known as Myrcurial, is a cyber-security cyber-consultant usually found in tall buildings wearing a cyber-suit, founder of the Think|Haus hackerspace, columnist at Liquidmatrix Security Digest, Infosec Geek, Hacker, Social Activist, Author, Speaker and Parent. He's been at this security game for more than 15 years and loves blinky lights and shiny things. Cyber.

Joshua Corman is the Research Director for Enterprise Security at The 451 Group and founder of RuggedSoftware.org. A passionate advocate for the security practitioner, he is known for his candor, intellectual honesty, and willingness to challenge the status quo - tackling topics like his 7 Dirty Secrets of the Security Industry and Is PCI the No Child Left Behind Act for Security?

Alex Hutton likes risk, critical thinking, and data. He writes for newschoolsecurity.com dub cloud.com, and Verizon's security blog.

Martin McKeay is the host and author of the Network Security Blog and Podcast. He is a well-known expert in the field of PCI and has worked as a QSA for over four years; he's seen the security compliance can encourage, as well as the lengths people will go to in order to avoid implementing real security. He is an advocate for PCI and compliance while recognizing its limitation, a dichotomy that sometimes threatens his sanity.

Dave Shackleford is a SANS Analyst, instructor and GIAC technical director. He has consulted with hundreds of organizations in the areas of regulatory compliance, security, and network architecture and engineering. He's worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.