Security Basics mailing list archives

RE: PCIDS Standard


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 24 May 2005 19:57:25 -0400

> They have given everyone a very short time frame to play with and they
> also expect you to get a company like Verisign to perform an external
> audit (port scan) plus a few other tasks, again, depending on the amount
> of monthly transactions you make.

The standard has been published in draft and near final form for a long
time.  It certainly isn't a surprise.

> As this is an ass-covering exercise on MasterCard's behalf, you will only
> have problems if your company is compromised and card info is
> taken. Then MasterCard will expect you to have the security standard, and
> if you don't, they charge you about $4 per card stolen or something
> similar.

While it may be an AC exercise, their advice is all good and I can't
detract from good common-sense advice.  Can I fault MC for trying to keep
MY information more secure?  Am I supposed to somehow paint MC as the
bad guy for trying to help secure MY information?  No way!

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
****************************************************************************