Jan 09 2009
PCI related blogging
I recently asked on Twitter for names of blogs/bloggers who covered the Payment Card Industry and found a few new blogs thanks to the replies. I started a list that came to a little under a dozen sites that cover PCI fairly regularly. Well, my little list is blown away by a list of banking and payments blogs over at Payments News.com. A lot of the sites they list don’t cover PCI, but the majority of them at least hit on it from time to time.
Here’s a link to their list and mine:
- Payments News: Updates from other banking and payments blogs.
- PCI Answers – A good place to start
- Michael Farnum, An Information Security Place – Watch out, Michael works for a competitor
- Anton Chuvakin, Security Warrior – Also works for a competitor
- Ron Gula, Tenable Security – In depth discussion of how his products can help with compliance
- David Bergert, Payment Systems Blog
- BrainTree Payment Solutions – This one’s new to me
- Update: Walter Conway suggests I add the Treasury Institute for Higher Education. I’ve had Walter’s work pointed out to me before.
- Update 2: A couple more suggestions, Perimeter eSecurity and Trey Ford – Security Spin Control
- Update 3: Chris Hayes sometimes writes about PCI at Risktical Ramblings
- Update 4: Payment Card Security & IT Controls Explained, PCI DSS Compliance Blog, Branden Williams’ Security Convergence and Storefront Backtalk
And to finish it off, here’s a good article about how to choose a PCI DSS QSA auditor. James DeLuccia is basically telling potential clients to slow down and set some ground rules with the auditor and the company before you sign any paperwork. Be certain you understand exactly what you’re getting and what you’re not getting with a particular auditor or company. This article does assume you’re working in a company that’s big enough to have a separate Internal Audit department, but most of the lessons can scale down to a company with a security staff of one.
You might also add the PCI News and Information blog at the Treasury Institute for Higher Education: http://www.treasuryinstitute.org/blog. While focused on Higher Education, it covers issues of interest to many merchants and vendors.
Kevin Prince at Perimeter eSecurity exclusively writes their blog. It covers all network security issues, but he does talk about PCI every so often. http://www.perimeterusa.com/perimeterblog.html
You may consider adding my blog, “Trey Ford – Security Spin Control”. You’ll find all sorts of banter from AppSec and Compliance, to Risk and Business, with some occasional other banter, and probably a higher PCI volume than I want to admit.
I often blog on PCI compliance. My thoughts are more from a merchant perspective.
Martin, thanks for putting up this list. The more info the better.
Martin,
I know that this is from a competitor of your day job employer but I find it helpful…
http://blogs.verisign.com/securityconvergence/
Cheers,
Martin
Great blog, Martin, and a great list, too, of other PCI-related blogs. Would you be willing to add ours to that list? It can be found at: http://blog.elementps.com
Thanks.
Thank you for the mention, Martin.
http://www.braintreepaymentsolutions.com/search/tag?tag=PCI%20DSS%20Compliance