Entries by David Gianna

NetsPWN: Assessment Services

Multi-Layer Security Revisited

David Gianna

August 23rd, 2010

Many years ago, I consulted with a non-profit agency that needed firewall remediation. They had just purchased an upgrade to the vendor's latest and greatest firewall, and needed to build a policy that met their needs.
READ POST

Security Industry

Pressure Engineering

David Gianna

August 16th, 2010

We think of the call to the help desk in the middle of the night to unlock the executive account, and the psychological pressure exerted by the attacker implying retribution if the task is not carried out immediately.
READ POST

Security Industry

Information, Data, and Holistic Protection

David Gianna

August 2nd, 2010

A dichotomy exists between information and data – and the way that information and data are discussed, stored, protected, and used. Any number of people reading this might identify themselves as working with “Information Systems” in the field of “Information …
READ POST

Compliance

What Happens When a Merchant Outsources Their e-Commerce Environment? Part I

David Gianna

April 5th, 2010

Many brick-and-mortar merchants maintain some type of e-commerce environment. For those of you experienced in management of PCI, this has obvious implications: assessment of infrastructure, firewalls, web servers, server administration, access controls, cardholder data encryption, storage, retention and transmission, database …
READ POST