BreachExchange mailing list archives
Re: Best Western Response
From: "Jamie C. Pole" <jpole () jcpa com>
Date: Tue, 26 Aug 2008 17:33:50 -0400
When the standard doesn't reflect the reality of the situation, I would argue that credit card processors are FAR better off having a real security assessment done by competent consultant resources, rather than have automated tools run by "certified" individuals that don't have the knowledge to interpret the results.

I agree that something is better than nothing, but the PCI DSS program gives nothing but a false sense of security. The processors should be made to very clearly understand that PCI compliance is only meaningful to the PCI people - it does not reflect whether or not the environment can be breached in the real world.

I have yet to see a PCI DSS certified environment that would allow me to sleep at night if I was responsible for it.

Jamie

On Aug 26, 2008, at 5:28 PM, Michael Hill, CITRMS wrote:
No matter what anybody or any government or industry puts together, there is no perfect system/solution. But taking reasonable steps to safeguard the data compared to NOT doing anything should count for something.

Michael Hill
Certified Identity Theft Risk Management Specialist
www.idtheft101.net
404-216-3751
INFORMATION SECURITY | RISK MANAGEMENT | COMPLIANCE | FORENSICS | TRAINING
"If You Think You're Not At Risk, Think Again!"
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss