Saturday 4 August 2007

Compliance in a box

There has been some reaction to this piece of PR.
While the idea of compliance in a box is appealing, promising it in those terms seems risky. However, if you actually read the statement, it specifically says "... program will help companies worldwide implement encryption..."
Given that PCI compliance covers everything from writing policy documents through to how specific data must be secured and audited, this statement merely confirms that PCI compliance takes time and resources to achieve.
Encryption is only one of the many things that needs to be done, so with the deadline looming, things need to happen fast and every little bit helps.

Friday 3 August 2007

And the results are....

Interesting article relating to the PCI deadline and progress amongst retailers in the US.
Even more interesting is this, which outlines some of the aggravating aspects of PCI and how retailers are still struggling to understand what they are supposed to be doing.
It seems there is still a lot to do in the whole area of PCI and compliance.

PCI assessors could be having a negative impact?

Interesting article that highlights customer concerns about the PCI DSS and how QSAs aren't actually helping matters!
The conflict of interest for QSAs who also resell products or market services is another cause for concern.
Would you be skeptical if the person advising you on what you need then tried to sell you the products or services to fix it?