Security Basics mailing list archives

Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds


From: Valdis.Kletnieks () vt edu
Date: Wed, 07 Apr 2010 17:29:37 -0400

On Wed, 07 Apr 2010 14:06:41 PDT, Tracy Reed said:
> On Wed, Apr 07, 2010 at 12:43:47PM -0400, Valdis.Kletnieks () vt edu spake thusly:
>> Whether said checkbox is actually the best solution *for the actual problem*
>> is the issue.  I've seen cases where checkbox auditors insisted that a
>> certain critical system "absolutely positively *HAD* to have a firewall".
>
> This is where compensating controls come in with PCI. If there is an
> even better solution you are free to implement it.

Yes, the PCI "compensating controls" are overall a Good Thing.  Unfortunately,
a lot of regulatory regimes don't see things that way yet.  And it still
requires a clued PCI auditor who actually understands the real world enough
to deal with compensating controls.


