Re: Obtaining PCI Co sanction info through legal discovery

["B.K. DeLong" <bkdelong () pobox com>]

On 9/27/07, James Ritchie, CISA, QSA <james_ritchie () sbcglobal net> wrote:
>  Knowing what the PCI SSC has fined companies that are in
>  non-compliance to the DSS is really not needed.  Those that are found
>  non-compliant will have some business drivers that are going to affect
>  them.  The fines that are levied effect the business bottom line.  If
>  they have lost their processing would  severely handicapped earning
>  potentials, effect the wallet of the management, and could be driven
>  out of business.  Divulging who these companies would affect their
>  integrity and reputation if released, thus causing loss of business.

Very valid points. I'm not necessarily looking to out an organization
who has not already been the public victim of a security breach but
rather take many of the existing data loss examples in the Data Loss
Database and find out what the related PCI Co actions against the
companies were.

Yet another valuable data point - especially for other companies and
organizations that fall as merchants subject to the PCI DSS.

-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml