PaulDotCom mailing list archives

Question about PCI audit results and reality....


From: mike.patterson at unb.ca (Mike Patterson)
Date: Wed, 12 Aug 2009 16:21:14 -0400

Joel Folkerts wrote on 8/12/09 3:04 PM:
> I would explain to management that PCI is simply a least common denominator
> and should not be treated as the end-all, be-all to information security.
> PCI merely attempts to address a minimum set of criteria that will mitigate
> a large portion of the threats that your organization is facing. That being
> said, it's unrealistic that any accreditation be able to address every
> threat.

You run the risk of having a conversation like the waitress and her
manager in Office Space at this point: if the minimum is 5 pieces of
flair, and I have 5, but you want me to be more like Brian, I should
wear more, yeah?  No, I'm just saying that if you're happy with the
minimum... at that point, management says "yes, we are, thank you for
your opinion but we're happy with 5 pieces of flair, now go do your job."

Mike

