Information security centric blog. Covering administrative, technical and governance security issues. Topics include compliance, microsoft windows, apple osx, solaris, unix and linux technical how-to. Discussions regarding penetration testing, security assessments, and security controls. Opinions related to PCI-DSS, NERC, FERC ISO27000 and other compliance related themes.
In new guidance offered by the PCI Security Standards Council, a checklist has been provided to assist organizations with focusing on the important issues first, and spending time where the greatest risks exist. This is very useful for organizations with limited funding and resources.