Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: Brian Loe <knobdy () gmail com>
Date: Sun, 5 Apr 2009 00:50:06 -0500
On Fri, Apr 3, 2009 at 3:36 PM, Paul Melson <pmelson () gmail com> wrote:
> At the end of the day, offensive security (scanning, pen-testing, auditing, etc.) is testing. And some testing is ALWAYS better than no testing. Show me a company that doesn't require testing before moving a system into production and I'll show you a company that can afford lots of downtime.
And I'll show you every company I've ever worked for - including the one that's handling your prescriptions and likely the one handling your 401k.

Then again, I guess it depends on what you call testing. If it means "it turns on, given expected input it returns expected output" then never mind - you're "safe". Otherwise you're living in as big of a make-believe world as Marcus. And as everyone knows I'm quite the realist!

Then again I'm also the manager who, while trying to get an updated security program approved by the "IT Steering Committee", removed the part about certification and accreditation for new systems because, frankly, if you're our size it's stupid and overly costly.

What I would VERY MUCH LIKE is a "checklist" like the first set of instructions I got for (well, it's late and I can't remember the acronym - and it's since been changed anyway - DoD crap).... I prefer a standard tell me EXACTLY what it wants as a minimum and then my middle management idiot self can busy myself doing BETTER than that standard...