Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Shaqe Wan <sha8e () yahoo com>
Date: Mon, 26 Apr 2010 22:54:17 -0700 (PDT)
Michel, Sorry, I didn't understand your first question! Regarding your 2nd question. You won't get compliant if you update your AV on a annually basis. You shall fail the quarter check done by an QSA(s). So first check is not available. For me if the companies staff is well educated and a we have a good IR team, plus the other goodies you mentioned, then for sure I shall go with selection #2 :) I hate these rules, but really they are something enforced on us. And without them our business can't be done. Or does someone here suggest we close our shops/companies and go home just because we dislike/disagree/hate the PCI Compliance requirements? I think that its not a bad to implement these requirements to get compliant by these companies, and then do what we think is the best. I.e, develop a more security policy to work on top of the PCI or vise versa. Get compliant then go further. BTW: I hope your able to understand my point, as my English seems to be bad :( Regards, ________________________________ From: Michel Messerschmidt <lists () michel-messerschmidt de> To: full-disclosure () lists grok org uk Sent: Tue, April 27, 2010 12:07:14 AM Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds On Mon, Apr 26, 2010 at 06:02:48AM -0700, Shaqe Wan wrote:
I am not stating that PCI is good in no way, but I am saying that its a MUST for companies dealing with CC. And in a windows environment, an AV is important.
Did you consider that an anti-virus may actually be the worst security solution for certain threats because it allows companies not to think about security while providing insufficient protection? What's your choice: Company A installs an anti-virus and updates it regularly (BTW regularly includes once a year). Company B has a recovery concept, incident response team, vulnerability monitoring, patch management, NIDS, security training but no anti-virus.
He probably thought that I am with the rules of PCI, or that I don't have any idea that the world is not just WINDOWS !!!
No, I don't think so. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Compliance Is Wasted Money, Study Finds, (continued)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Pieter de Boer (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Michel Messerschmidt (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Mike Hale (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Lyal Collins (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Lyal Collins (Apr 28)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Honer, Lance (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Michel Messerschmidt (Apr 28)
- Re: Compliance Is Wasted Money, Study Finds Michael Holstein (Apr 28)