Security Basics mailing list archives
RE: PCIDS Standard
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 24 May 2005 19:57:25 -0400
> They have given everyone a very short time frame to play with and they
> also expect you to get a company like Verisign to perform an external
> audit (port scan) plus a few other tasks, again, depending on the amount
> of monthly transactions you make.

The standard has been published in draft and near final form for a long time. It certainly isn't a surprise.

> As this is an ass covering exercise on MasterCard's behalf, you will only
> have problems if your company is compromised and card info is taken.
> Then MasterCard will expect you to have the security standard, and if you
> don't, they charge you about $4 per card stolen or something similar.

While it may be an AC exercise, their advice is all good and I can't detract from good commonsense advice. Can I fault MC for trying to keep MY information more secure? Am I supposed to somehow paint MC as the bad guy for trying to help secure MY information? No way!

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************