PaulDotCom mailing list archives
Question about PCI audit results and reality....
From: arch3angel at gmail.com (Robert Miller)
Date: Thu, 20 Aug 2009 21:44:02 -0400
I completely understand your situation! I heard that "Joe" was working at a company where he saw many things that fail a few different assessments and brought them to the attention of the executive staff, then was told to either put it under the table or stop telling us this stuff, we really don't like hearing it. After pondering this for a few hours, "Joe" decided it was best to document things and try to continue to use opportunities to bring it up in meetings. Last time I spoke to "Joe" I was told nothing has changed and, if nothing else, it has gotten worse.

My advice to you is to document everything and protect your backup of said documents, because reality is that once it comes to the surface, and it will, you will be the fall guy for the company, because no executive I know of will admit to the fault and take the blame!

Good Luck!

Robert

Robert Portvliet wrote:
Rich Mogull had a few things to say about that yesterday (very good read)
http://securosis.com/blog

On Thu, Aug 13, 2009 at 6:21 AM, Ron Gula <rgula at tenablesecurity.com> wrote:

All great points .... and now from a CEO who says their QSA's let them down:

http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down?page=1

Heartland CEO on Data Breach: QSAs Let Us Down

Heartland Payment Systems Inc. CEO Robert Carr opens up about his company's data security breach, how compliance auditors failed to flag key attack vectors and what the big lessons are for other companies. ...

--
Ron Gula, CEO
Tenable Network Security

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com