BreachExchange mailing list archives

Re: Feds seek to nab credit card thieves in La., Miss.


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 19 Aug 2008 03:15:37 GMT

-- macwheel99 () wowway com wrote:

A company can buy some computer system and not install, or manage, it 
properly.
I am more interested in whether they had any PCI audits or other security 
audits, and what if anything the audits had to say about their state of 
security preparedness.

Here's what went wrong at TJX Max (click on preview to see document filed by
5/3 bank auditor AFTER the mess.) http://www.box.net/shared/ieae3qfqj9

This is quite an eye-opener ... they had perfectly good computer systems,
but at some level of company leadership, there was no conception of their
security responsibilities, what it meant to be PCI compliant.


It was my understanding that (according to Evan Schuman at
StorefrontBacktalk):

"...Visa knew of the extensive security problems at TJX but decided to give
the retailer permission to remain non-compliant through Dec. 31, 2008,
according to documents filed in federal court Thursday."

http://storefrontbacktalk.com/story/110907visaletter

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
