PaulDotCom mailing list archives
Re: PCI Question
From: Jason Wood <tadaka () gmail com>
Date: Tue, 11 Jan 2011 15:03:00 -0700
I would imagine that those who already do vulnerability scans and penetration tests get requests for PCI scans from their current customers. As long as you don't hate PCI and refuse to be a part of it, whether or not to do it is probably straight forward. Are you able to provide a quality service? (A quick gut check for any service) Is not being an ASV interfering with your ability to provide for your customer's needs? Does the possible income from the scans make it worth the hassle and cost of getting approved and maintaining qualification? Pros -------- - You don't have to walk away from customer's who want to use your services because you're not an ASV. - PCI requires quarterly scans, so vendors can have a steady revenue flow as long as they do good work. - A visible third party has checked out your company and put their seal of approval on you. A little reputation boost that might help with work unrelated to PCI. Cons --------- - The hassle of getting approved by PCI Council, including any costs associated with the process - Being subject to a third party telling you how to do a scan, whether you agree with that or not. - Possible increase in insurance costs. Jason On Tue, Jan 11, 2011 at 11:43 AM, John Strand <strandjs () gmail com> wrote:
To be on the PCI Approved Scanning Vendors, or not.... https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php Love to get all of your thoughts on this. John _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- irc: Tadaka Twitter: Jason_Wood jwnetworkconsulting.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- PCI Question John Strand (Jan 11)
- Re: PCI Question Ron Gula (Jan 11)
- Re: PCI Question Joel Gunderson (Jan 11)
- Re: PCI Question Mike Patterson (Jan 11)
- Re: PCI Question Jason Wood (Jan 11)
- Re: PCI Question Ralph Durkee (Jan 11)
- Re: PCI Question Jason Wood (Jan 11)