Insecure Magazine issue 27 is available [pdf].

This is a shorter issue, and I honestly didn’t really take much away from it, but I did enjoy the article Payment Card Security: Risk and Control Assessments (pg 44). Specifically, I liked reading about FMEA (Failure Mode and Effects Analysis) and basically the rest of the article after that.

FMEA isn’t necessarily groundbreaking (you’re still pulling numbers out of the air), but I’d never heard of it before and I liked seeing a quick summary of bullet items to fill in for it.

The Preventative/Detective controls and Guidelines for Risk Mitigation mentioned later are collectively just a way to summarize PCI DSS requirements, but is worded much better.