« Some good commentary on partial auth | Main | February 13th »

Monday, February 04, 2008

Check out Dave's blog

My OLS cohort, Dave Bergert, has initiated a blog worthy of inclusion in your RSS Reader.  Dave's working on our PABP certification, so his first couple of posts are straight to the point on that ongoing effort: one references a great piece clarifying the not-too-obvious differences beween PABP and PCI compliance; and the other discusses the changes Dave is incorporating into the jPOS-EE UI (a.k.a., eeweb3) in order to meet Section 3.1 of the PABP requirements (that's the section that deals with things like user names and password complexity). 

As background, Dave's obtained his CISSP, CISA, and CompTIA Security+ designations.  He's also a former Visa-certified QSA (Qualified Security Assessor) himself.  He's one of the few guys out there who is equally adept in both worlds:  He can build payment systems from scratch; and audit them as well.  That made him very dangerous as an auditor...if you were like this guy and had something to hide.

In short, the man for the job...and a blog well worth reading, especially given that PABP compliance has forced its way centerstage in our payment system world.

Posted by Andy Orrock on Monday, February 04, 2008 at 11:09 |

|

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

My Photo

Tools

  • Google

    The entire web
    www.andyorrock.com
AddThis Social Bookmark Button

Resources

  • Dave Bergert's blog
    Insightful payment systems thoughts by my OLS colleague, Dave Bergert, CISSP, CISA, CompTIA Security+, and former Visa-certified QSA.
  • Glenbrook Partners' Blog List
    Glenbrook Partners has compiled "a current summary of the latest content from some of our favorite payments and banking blogs based upon their RSS feeds." Alejandro, Dave and I are on the list, as are many other good info sources.
  • jPOS
    Faced with payment systems challenges? Start here to learn more about Alejandro Revilla's jPOS project.
  • Randy San Nicolas' blog
    My OLS colleague Randy San Nicolas writes about his wealth of experience in various Issuer- and Acquirer-side endeavors in his Prepaid Enterprise blog.
  • soliSYSTEMS
    My friend Roque Solis is our go-to guy for RFID, smart cards, chip cards, integrated circuit(s) cards (ICC), HSMs, cryptographic accelerators, DES and public-key cryptography.
  • Specs Online - AMEX
    American Express (Amex) puts all its acquirer specs online for public retrieval.
  • Specs Online - First Data
    First Data Merchant Services (FDMS, aka 'FDR') puts all its acquirer specs online for public retrieval. [NOTE: FDMS' spec repository is accessible only via Internet Explorer; this link will not work with Firefox or other browsers.]
Blog Widget by LinkWithin
Andy Orrock
Andy Orrock

If you're looking here...

  • Your attention to detail is a great asset. Use it wisely.