Penetration Testing mailing list archives
Re: Heartland Gets Religion on Security
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 19 Jun 2009 17:16:16 -0400
Hi Rajat,
> ...but I'd like to think that the assessor didn't do a thorough job either of reviewing them.

I agree. Over at DataLossDB, I inquired about adding a column for the firm(s) performing the audit in an attempt to [possibly] correlate breaches with firms. Unfortunately, DataLossDB did not feel they had the resources to accommodate. I can't help but feel there is an Enron/Arthur Andersen relationship among some of these folks.

Jeff

On 6/19/09, rajat swarup <rajats () gmail com> wrote:

On Thu, Jun 18, 2009 at 7:02 AM, Jeffrey Walton <noloader () gmail com> wrote:
> From the folks at Attrition and the DataLossDB.
>
> ---------- Forwarded message ----------
> Carr says that one lesson he's learned from the breach is that the industry's security standard, called Payment Card Industry or PCI, doesn't go far enough. It's the "lowest common denominator," he says, adding that the audit didn't detect the vulnerability that led to the hack even though it had existed for years.

It's interesting to see their perspective but I'd like to think that the assessor didn't do a thorough job either of reviewing them. I could be wrong too! Not to place faith in the PCI DSS or anything but I'm yet to see a *truly* compliant merchant being breached. Media reports led me to believe that the ones that were compliant and breached had been weakly assessed on certain aspects of the assessment. Just a thought!

--
Rajat Swarup
http://rajatswarup.blogspot.com/