Boyd interview

Tips:

Research the company

Be honest (do you want to move? not particularly)

Boyd Clewis, do it on evenings.

Know the company. Talk about recent news and developments (Boyd mentions ghost stores)


PARTICIPATING ORGANIZATION AND TRAINING FOR ISAs

-Boyd said he told his last company what becoming a participating organization would do for the company, and what training is available to them if they did. Research what this is.

-Let the conversation flow, be yourself.

Elevator speech- PCI DSS is the framework that companies that store, process, or transmit credit card data have to abide by. It used to be annual; now they have to be compliant every day, but compliance still has to be validated annually. And if for some reason we are not compliant, there are fines and penalties associated with that, and we can even lose the ability to process payments. So ultimately this is the framework we can use to stay out of the news for credit card breaches, data breaches, those types of things.

Q: How do you assess what is in scope or not?

The way I do it, and I'm pretty hardcore with this, and I'll explain my methodology.

First of all, every year, before the assessment kicks off, SCOPING ACTIVITY. Let's review the data flow, let's review the card flow diagram and the network diagram, and let's see what changed. Then I go a step further, which I believe most IT professionals miss because they are thinking like IT guys: I have a conversation with accounting. Can you tell me if we are receiving any payments, whether any new merchant IDs have been established, any other countries, any other business units? Has anything changed since last year?

Oftentimes I find brand new payment applications that have been introduced that somehow bypassed security review. After understanding what we have in scope at a high level, the next thing I do is validate the internal firewalls, that the rules have actually been implemented properly to control the actual scope. It's one thing to document on a network diagram and a system inventory that says 'this is what is in scope.' That's fine, but remember this is an assessment that we are going to go through, so you can tell me whatever you want to tell me, but I'm going to validate it. So I need you to export the firewall configurations for me, and I'll do an analysis on that. If I find any networks, subnets, things that are not in my inventory, that are not in that diagram, then I've got a list of questions. So once I go through that process and get everything documented, then I'm confident to move forward with the QSA.
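The firewall-export check Boyd describes (compare what the rules actually permit against the documented in-scope inventory, and turn every mismatch into a question) can be done with a small script. The one below is an added example for these notes, not Boyd's tool and not tied to any vendor: the rule format (one `permit|deny <src> <dst> <service>` per line), the sample export, and the documented subnets are all constructed for illustration. It flags two kinds of drift in both directions: networks that firewall rules connect to the CDE but that are missing from the inventory (including an `any` source, which is its own question), and documented in-scope subnets that no rule references at all (which usually means the diagram is stale).

```python
"""Cross-check a firewall rule export against the documented PCI DSS scope.

Added example for the scoping methodology described above. Rule syntax,
sample rules and sample inventory are constructed, not a real export.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: subnets the network diagram / system inventory say are in scope (CDE).
DOCUMENTED_SCOPE = [
    "10.10.1.0/24",   # POS terminals
    "10.10.2.0/24",   # payment application servers
    "10.10.3.0/24",   # call-center workstations taking cards by phone
]

# Constructed sample export, simplified to: <action> <src> <dst> <proto>/<port>
SAMPLE_RULES = """\
# intra-CDE
permit 10.10.1.0/24 10.10.2.0/24 tcp/443
# things the rules say talk to the CDE
permit 10.10.2.0/24 192.168.50.10/32 tcp/1433
permit 172.16.8.0/22 10.10.2.0/24 tcp/22
permit any 10.10.1.0/24 tcp/8080
permit 10.10.2.0/24 203.0.113.5/32 tcp/443
deny any 10.10.2.0/24 any
"""


@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    service: str
    line: str  # original text, kept so a finding can quote the rule


def _net(token: str) -> ipaddress.IPv4Network:
    """Map 'any' to 0.0.0.0/0 and parse CIDR/host tokens."""
    if token.lower() == "any":
        token = "0.0.0.0/0"
    return ipaddress.ip_network(token, strict=False)


def parse_rules(text: str) -> list[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, src, dst, service = line.split()
        rules.append(Rule(action.lower(), _net(src), _net(dst), service, line))
    return rules


def within_documented_scope(net, documented) -> bool:
    """True if the rule's network sits entirely inside a documented CDE subnet."""
    return any(net.subnet_of(d) for d in documented)


def find_undocumented_networks(rules, documented_cidrs) -> dict[str, list[str]]:
    """Permit rules with exactly one side in the CDE: the other side is
    'connected-to' and must appear in the inventory. Returns net -> rules."""
    documented = [ipaddress.ip_network(c) for c in documented_cidrs]
    findings: dict[str, list[str]] = {}
    for r in rules:
        if r.action != "permit":
            continue
        src_in = within_documented_scope(r.src, documented)
        dst_in = within_documented_scope(r.dst, documented)
        if src_in == dst_in:
            continue  # intra-CDE traffic, or a rule that never touches the CDE
        other = r.dst if src_in else r.src
        findings.setdefault(str(other), []).append(r.line)
    return findings


def documented_but_unreferenced(rules, documented_cidrs) -> list[str]:
    """Documented in-scope subnets that no rule (permit or deny) names explicitly.
    A bare 'any' does not count as naming them."""
    documented = [ipaddress.ip_network(c) for c in documented_cidrs]
    unreferenced = []
    for d in documented:
        if not any(r.src.subnet_of(d) or r.dst.subnet_of(d) for r in rules):
            unreferenced.append(str(d))
    return unreferenced


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for net, lines in sorted(find_undocumented_networks(rules, DOCUMENTED_SCOPE).items()):
        print(f"QUESTION: {net} reaches the CDE but is not in the inventory:")
        for ln in lines:
            print(f"    {ln}")
    for net in documented_but_unreferenced(rules, DOCUMENTED_SCOPE):
        print(f"QUESTION: {net} is documented as in scope but no firewall rule mentions it")
```

Run against the constructed export, it produces four inventory questions (the `any` source on port 8080, the 172.16.8.0/22 management network, the database host 192.168.50.10, and the external address 203.0.113.5) and one stale-diagram question for 10.10.3.0/24. A real export will need a parser for the vendor's syntax and handling of address objects and groups, but the comparison logic is the same.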




