Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: "Potter, Albert (Al)" <apotter () icsalabs com>
Date: Thu, 02 Apr 2009 18:30:25 +0000

</lurk>

Chris hits the nail on the head. The DSS is about helping the clewless make measurable progress in a better direction 
and giving management (C and board level) the motivation and justification to spend money on security and to induce their 
staffs to get moving. 

Is it perfect?  No, but it is regularly revised (the DSS) and has a mechanism to get better. 


AL
<Lurk>

----- Original Message -----
From: firewall-wizards-bounces () listserv cybertrust com <firewall-wizards-bounces () listserv cybertrust com>
To: Firewall Wizards Security Mailing List <firewall-wizards () listserv cybertrust com>
Sent: Thu Apr 02 08:35:15 2009
Subject: Re: [fw-wiz] PCI DSS & Firewalls


Paul D. Robertson <paul () compuwar net>,Wednesday, April 1, 2009 9:09:40 PM

Is it just me, or do the PCI DSS "standards" for firewalls look like 
someone played "I have a CISSP" buzzword bingo?


Nope, not just you. ;~)

The DSS (and regulatory tools in total) are not bits-und-bytes technical artifacts, they are human engineering 
technical artifacts.  The idea being to find a way to move people in a desired direction an achievable distance.  The 
functional DNA in PCI is not what gadgets to use how, it's "if it's done wrong there are legal ramifications at the 
executive level".

One of our folks did PCI for Walmart, and when the CEO sent out a note saying (sic): "Listen to this guy or you're 
fired" it proved that PCI worked.  It reduced the prospect of spending in the future the millions of man-hours we have 
spent in the past arguing with people that maybe they should at least consider changing default passwords.

Now, is PCI enough (or complete)?  Apparently not (go ask Heartland).  But if we can get people doing the things in the 
DSS for starters, at least they'll be evolved beyond gills and flippers when we get there to talk about actual security.

-chris


      
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
