funsec mailing list archives

Re: PCI compliance


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Fri, 3 Apr 2009 17:37:52 -0800

Date sent:              Fri, 03 Apr 2009 23:18:00 +0100 (BST)
From:                   Drsolly <drsollyp () drsolly com>

The logic is impeccable. PCI DSS is only concerned about data kept in 
electronic form. By using pencil and paper, he remains PCI DSS compliant. 

I agree that, in terms of compliance, the logic works.  It reminds me of ISO27k in 
that regard: if you are troubled by any particular vulnerability, and don't want to 
fix it, just ask to have it (or related system) removed from scope ...

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Beware of all enterprises that require a new set of clothes.
                                               - Henry David Thoreau
http://victoria.tc.ca/techrev/rms.htm 
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

