Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 27 Apr 2010 14:10:26 -0400
> My point isn't about a particular section, nor whether the amount of experience I have in PCI DSS compliance (which is next to novice).
So we can agree that you're arguing about something with which you have no experience?
> The point is, what's PCI aiming at?
It's on the first substantive page of the document .. to wit : "The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally."
> Real security
Again, I ask "what is 'real security'?".
> or just a way companies can excuse their incompetence by citing full PCI compliance?
If you "self-audit" and just check the boxes because you have a box that says "firewall" on it and another that says "IDS" and so forth, then yes .. it's just excusing incompetence .. but any "real" auditor would be asking you about change management for those assets, who has access to them and why, how logs are reviewed and by whom, etc. There are 12 basic points in the 1.2 spec, none of which contradict current best-practice for network design.

Cheers,

Michael Holstein
Cleveland State University

PS: This is starting to sound like the discussion many of us have with Mac end-users .. the one that goes "but Macs don't get viruses".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/