"Catch Me, Yes YOU Can": Realized Threats at the Corner Store

Topics: Compliance | PCI

I just returned from the Payment Card Industry's 2008 Members Council Meeting in Orlando, Florida. We had a blast despite the mood being somewhat dampened as a result of the uncertainty of the global financial markets (heartfelt thanks to those wise souls who've been living outside of their means and taking undue personal and commercial financial risk...). Anyhew, I met so many interesting people from both merchants and from the card brands like Visa, MasterCard, American Express, Discover & JCB International Co., Ltd.

North America Recap

Topics: Compliance | PCI

I was one of the 650 attendees at the recent annual North American PCI Community Meeting. Held at the Omni Champions Gate resort in Orlando, it was great to speak with many of the merchants, banks and service providers in attendance about the challenges they are facing.

NERC Critical Infrastructure Protection Will Always Change with the Evolution of Technology

Topics: Compliance

As Stewart Brand once said, "Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road". I think this quote describes perfectly the role that IT departments are playing in implementing security programs, specifically those attributed to the NERC Cyber Security Standards...

Trick or Treat

Topics: Compliance | Strategy

October's here, and you can't escape the coming onslaught of Halloween. Children (and quite a few adults) dressed up as vampires, ghosts, goblins and other scary creatures, going around asking people for treats and threatening them with tricks if they don't provide them. A cynical person might boil it down to a combination of scare tactics and extortion. So what does this have to do with IT security and compliance? Unfortunately, the way security and compliance professionals have traditionally gone about obtaining funds and resources for tools and projects necessary to do their jobs all too closely parallels what happens on Halloween. We frequently use scare tactics such as new threats (the trick) to get management to cough up the funding and resources (the treats) we need to accomplish what we view as our jobs...

New case study on RSA enVision

Topics: SIEM

The Institute of Applied Network Security released a case study on the implementation of RSA enVision at the Depository Trust Clearing Corporation (DTCC). DTCC is an organization that acts as the back end for Wall Street, processing $1.8 quadrillion in securities transactions in 2007, and thus an essential component in our economy.

Perimeter-centric Regulations in an Information-centric World

Topics: Compliance | Strategy

Last week I took a trip out to our Executive Briefing Centre in Cork, Ireland. I was there to present to senior IT folk from pretty much all of the UK’s Police Forces as part of a two-day agenda that had been lined up for them by my colleagues from many of EMC’s lines-of-business.

I guess there are few other organisations where the lines between physical and virtual security are brought so sharply into focus than in one where you are dealing – first-hand – with criminals in the way that our police officers must every day of their working lives.

During our conversations we mused on various aspects of keeping information secure in such a fluid and volatile environment...

Speaking of Security Podcast #124

Art Coviello on Security for Innovation

Speaking of Security co-host, Amanda VanVeen, introduces a new video featuring RSA President, Art Coviello. Art covers new IDC research on the topic of security and business innovation. Forward-thinking security leaders are driving tighter linkages between innovation goals and security strategies.

RSA Offers new Insights into Security and Innovation

Topics: E-Security | Risk | Strategy

Today RSA, The Security Division of EMC, released the latest research and insights from IDC and the Security for Business Innovation Council on the relationship – and disconnect – between security and business innovation. The IDC report centers on the fact that 80 percent of organizations worldwide confirm that security fears are indeed responsible for stifling business innovation.

IDC also found that although 80 percent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 percent of security leaders believe they are being measured on their contributions to innovation. This finding points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals...

RSA Compliance Solutions Bloggers

Compliance Blog

The RSA Compliance Solutions Blog Team includes: Brad Davenport, Paul Davilman, Dave Howell, Andrew Moloney, John McDonald, and Will Redfield.