Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 27 Apr 2010 13:48:11 -0400
> Besides, in a democratic society (where CC do operate as well), you can't "force" someone to install an anti-virus just because _you_ think it is secure.
This isn't a democracy .. it's a business. You want to process credit cards in-house, you need to comply with the PCI standards. It *doesn't matter* if you think you're smarter/better than what's in the standard .. you play by their rules or you don't play. Much like if your boss says you have to wear a tie, but you think ties are stupid.

You've already stated in a prior email that you have no involvement with PCI implementation on either side of the fence ("hell no", was your answer, I believe) .. so I don't see where you're really qualified to make a categorical statement that PCI compliance lends nothing to security.

PCI/DSS is an attempt to paint (as broadly as possible) a minimum set of standards. You are allowed (in some cases) to state a mitigating circumstance that renders a particular point moot. None of the things in the PCI/DSS standard contradict basic "best practice" when it comes to securing data and the networks and hosts on which it resides and traverses.
> The argument where compliance is wasted money still holds.
Well .. "waste your money" on compliance .. or "waste your money" on the surcharge you pay to another entity that *is* compliant. Take your pick.

Cheers,

Michael Holstein
Cleveland State University

PS: Just because you say your network is secure doesn't make it so. Internal and external audit is routine course in the business world, and you'll find that the less you try and make life difficult for them, the easier things tend to go.