funsec mailing list archives
Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach
From: Chris Blask <wobblingmoon () yahoo com>
Date: Mon, 27 Jul 2009 19:26:08 -0700 (PDT)
--- On Mon, 7/27/09, Michael Graham <jmgraham () gmail com> wrote:
> Obviously, meeting an arbitrary metric shouldn't absolve you of the responsibility to make your own risk decisions as appropriate to your business and your customers, and after having done so it doesn't absolve you of the responsibility to execute those risk decisions properly. Compound this absurd notion that PCI compliance divests you of core custodian responsibilities with the questionable value of PCI itself and we've got the PCI council helping all of us into an overall worse security situation, not a better one, regardless of intent.
All PCI is is something to keep you from being sued by the card brands (and vice versa). Sooner or later diligence will be legally required. S.773 (the Cybersecurity Act of 2009) is at least a smell of smoke over the horizon. Anyone who thinks they can stand up in front of a judge and jury and always get away with those sorts of lame excuses will have another think coming when Critical Infrastructure security is federally mandated (and CI is defined as "whatever the President says it is").

-chris

The Moose is Loose!
http://motleymoose.com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.