BreachExchange mailing list archives
Re: Obtaining PCI Co sanction info through legal discovery
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 27 Sep 2007 16:50:15 -0400
On 9/27/07, James Ritchie, CISA, QSA <james_ritchie () sbcglobal net> wrote:
Knowing what the PCI SSC has fined companies that are in non-compliance to the DSS is really not needed. Those that are found non-compliant will have some business drivers that are going to affect them. The fines that are levied effect the business bottom line. If they have lost their processing would severely handicapped earning potentials, effect the wallet of the management, and could be driven out of business. Divulging who these companies would affect their integrity and reputation if released, thus causing loss of business.
Very valid points. I'm not necessarily looking to out an organization who has not already been the public victim of a security breach but rather take many of the existing data loss examples in the Data Loss Database and find out what the related PCI Co actions against the companies were. Yet another valuable data point - especially for other companies and organizations that fall as merchants subject to the PCI DSS. -- B.K. DeLong (K3GRN) bkdelong () pobox com +1.617.797.8471 http://www.wkdelong.org Son. http://www.ianetsec.com Work. http://www.bostonredcross.org Volunteer. http://www.carolingia.eastkingdom.org Service. http://bkdelong.livejournal.com Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Obtaining PCI Co sanction info through legal discovery B.K. DeLong (Sep 27)
- Message not available
- Re: Obtaining PCI Co sanction info through legal discovery B.K. DeLong (Sep 27)
- Message not available