Friday, June 7, 2013

Exam Resources - LinkedIn groups

Nothing like having access to a few gurus to ask questions of ...

I found a few groups in LinkedIn relating to PCIP

I do have access to an ISA (and a highly regarded one at that) where I work, but this could provide additional interpretations ...

Exam Resources - Other PCI blogs and sites

Need some more info? 

Here are a couple of PCI sites that I found on the net:


BusinessWeek Exchange Blog (beta?) 

This site seems to pull in articles from all over the place. It includes current events.


PCI Compliance Blog

This is a vendor site and includes a lot of information.  Editors of the blog are:

Sean Kramer | President and CEO, Element Payment Services
Jeff Gross | Director of Business Integration, Element Payment Services

Study Material - Three factors of authentication

This was brought up in the seminar I attended but I didn't take detailed notes thinking it probably was not that important.

Then I came across the same material in a CompTIA Security+ manual I bought for my Kindle Fire.

Must be of value, or at least a baseline concept ...

Any one of these three factors could be used, but sometimes they are combined:

1)  Something you know

Usually a password, user name or PIN.
This is considered to be the least secure authentication factor.
Passwords should be STRONG: use special characters, numbers and letters, and make them at least 8 characters long.
Don't write these down.  Everybody knows this but that doesn't seem to matter.
And don't share your password either.

2)  Something you have

This is something physical, meaning that "you can hit it with a hammer".
Or something physical could mean that it is something in your pocket ...
"It isn't fair, my precious, is it, to ask us what it's got in its nassty little pocketsess?"

Sorry, got a bit carried away there with my Gollum impersonation.

Actual examples would be key fobs and smart cards.

Both these devices require an appropriate reader.

Handwriting analysis/matching could be another option.

3)  Something you are

This is the strongest form of authentication.
This includes retinal (eye) scans and fingerprint scans.
Check out this fingerprint reader on

 GetConnected show you how to use it

4)  Something you eat

Actually I just made this up to amuse myself.
Besides, there are only three factors, not four.
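
To show what combining factors looks like in practice, here is an added example (not from the seminar or the Security+ manual) that checks "something you know" (a password) together with "something you have" (a key fob producing time-based codes per RFC 6238). The function names, the user record layout and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

def hash_password(password: str, salt: bytes) -> bytes:
    # Something you know: keep only a salted, slow hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def meets_page_rule(password: str) -> bool:
    # The strength rule from the post: 8+ characters, letters, numbers, specials.
    return (len(password) >= 8
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    # Something you have: the code a key fob derives from its secret (RFC 6238).
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(password: str, fob_secret: bytes) -> dict:
    # Hypothetical user record; a real system keeps fob_secret encrypted at rest.
    if not meets_page_rule(password):
        raise ValueError("password does not meet the strength rule")
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "fob_secret": fob_secret}

def verify_login(user: dict, password: str, code: str, now: int) -> bool:
    # Two different factors must both pass; one alone is rejected.
    know_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    # Accept the adjacent 30-second steps to tolerate fob clock drift.
    have_ok = any(
        hmac.compare_digest(totp(user["fob_secret"], now + d * 30).encode(),
                            code.encode())
        for d in (-1, 0, 1))
    return know_ok and have_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    user = enroll("Tr0ub4dor&3", secret)
    print(verify_login(user, "Tr0ub4dor&3", totp(secret, 59), 59))  # both factors
    print(verify_login(user, "Tr0ub4dor&3", "000000", 59))          # password only
```

Two passwords would not count as two factors here: the second check has to come from a different category than the first.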