Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 2 Apr 2009 22:51:55 -0500 (EST)
On Thu, 2 Apr 2009, Chris Blask wrote:
No- the fine is what does that, the DSS is just the artifact with which to do it. However as a "Standard" it's worse than ICSA Firewall testing criteria! ;-P

Now, Al's being nice to me, how can I respond to that? Keep walking, nothing to see here!
That's just me poking fun at Al - my fingers got into that pie too when I was at TruSecure...
We have to keep in mind that we aren't just talking about securing networks where they have a Paul Analog (PA) on staff. Even where they do have a PA on staff, most often he is banging his head against a brick wall of corporate resource management. A good PA (or a good PCI consultant, QSA, whathaveyou) seizes on the opportunity to leverage the attention of the Great Purse Holders and have them pour some cash on worthy efforts that make the network more secure than it was previously.
Once again, that doesn't relieve the PCI DSS folks of their responsibility to do a good job[tm]. See the posting from Victor Williams to see what folly lies in the obvious stuff that most of us came up with in minutes about where the flaws lie. In fact, the fact that you don't have a PA means that training the staff that's there is more important, not less important- and one way to do that is with well-written, detailed and intelligent criteria. The pouring cash on the problem thing is solved contractually with the fines- again, that's not germane to how poorly thought-out and written the criteria are.
*cough* Isn't Verizon a QSA? *cough*

You should really get that looked at, it could turn into pneumonia...
It's already laryngitis :(

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
Moderator: Firewall-Wizards mailing list
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards