BreachExchange mailing list archives
Re: Best Western Response
From: security curmudgeon <jericho () attrition org>
Date: Tue, 26 Aug 2008 22:44:06 +0000 (UTC)
: I agree that some "lowest common denominator" can be helpful, but not at
: the expense of an actual security program. Too many processors take
: their PCI certificate "to the bank", and don't seem to bother doing
: anything else.
:
: That is the fatal flaw in the program.
:
: In addition, the way the PCI QSA program is structured ensures that
: competent security consultants will stay out of it. Why would anyone
: want to sign on to a program where you have essentially unlimited
: liability, but are forced to base your certification decisions on a
: ridiculous standard? AND you have to pay them $20,000 initially, and
: $10,000 per year afterward... Where does that money go???

After that, you get to bid against the LCD who does their automated scans w/ little to no validation for pennies on the dollar.

A company I used to work for was an ASV for a while, but we only did the work as a loss leader to get in the door and then upsell. That was the *only* value of doing PCI work.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss