
February 28, 2007

A Rational Voice Among the PCI Noise

This guy, Mike Rothman, knows what he is talking about. Mike's been going through his Daily Incites for 2007, and yesterday he landed on PCI compliance.

If only security standards and regulations were really taken seriously.

But, as Mike points out, there's...

1. No real enforcement
2. A lot of ambiguity about what's required
3. Too much confusion among CSOs and compliance people

As Mike said, CSOs, CISOs, CIOs, and compliance officers need to focus less on what will make them compliant and a whole lot more on what will make their enterprise secure.

Oh, and a lot more public outcry is going to be needed! Until the penalties for non-compliance are as weighty as the laws themselves are to read, there's really nothing to prevent more data breaches like the TJXs of the world.


Comments


No real enforcement? How about these carrot and stick enticements to let people know about deadlines and fines?
http://pcianswers.com/2007/01/21/non-compliance-fines/

What kind of enforcement are you looking for?
