
Articles in the application security Category

Interesting, application security, featured »

[18 Sep 2009]
Squidoo Lens on PA-DSS

OK - so I’m not very ‘with-it’ apparently and didn’t really know what Squidoo was, but someone explained it to me and then convinced me to put up a PA-DSS compliance ‘lens’ on Squidoo.  If you aren’t familiar with the site, it’s a collection of mini websites each of which provides some background, insight, education, whatever on specific topics as defined by the builder.  In this case it’s some overview information on basic PA-DSS compliance and a centralized location for PA-DSS feeds and search results that keeps itself up-to-date without …

PCI News, PED / Payment Terminals, application security, featured »

[9 Sep 2009]
PA-DSS Question & Answer

This morning I had an interesting thought - I want to offer up something to anyone that is reading this blog and may have some questions regarding the Payment Application Data Security Standard (PA-DSS).
This is an invitation to a ‘passive PA-DSS Q&A session’.  The reason I am calling this ‘passive’ is that this is not going to be a live session - if you have questions regarding the PA-DSS, what certain requirements mean, or how your particular situation affects its applicability to you, post it in the comments and …

PCI Philosophy / Approach, application security »

[8 Jul 2009]

Much of the time, particularly in the retail / hospitality space, compliance is driving security efforts.  I tend to have a problem with security via compliance as it tends to result in an approach that is far too narrow for the overall security of the organization.  I understand the importance of PCI compliance and the need to become and remain compliant (obviously), but I also think that the whole cliche, ‘missing the forest for the trees’, applies really well to a security team that is chasing compliance rather than building …