Information-security-centric blog covering administrative, technical and governance security issues. Topics include compliance and technical how-tos for Microsoft Windows, Apple OS X, Solaris, Unix and Linux. Discussions regarding penetration testing, security assessments, and security controls. Opinions related to PCI-DSS, NERC, FERC, ISO27000 and other compliance-related themes.
In a recent ISSA-published article, David Navetta has shared some excellent insight on the scope of PCI compliance and some of the true risks in managing and delivering on its requirements. You can find the paper here.