TJX saga continued… it just seems to get worse
October 25th, 2007 Drazen Drazic Posted in Bad Stuff, Disclosure Laws, Dumb Security, PCI, PCI DSS, cyber crime, governance
It should almost be time to give this TJX saga its own category here. Just as we think it’s quieting down, the story unfolds further. See The Register: “TJX breach was twice as big as admitted, bank says”. Can there be a better case study for the consequences of poor security management?
But are other organisations learning from the TJX experience? The answer is probably that only a small percentage are. We see it every day.
Another PCI compliance deadline passed here in this region recently. I’ll put it out there and say that of all the organisations that must be compliant with the PCI DSS, I would be surprised if more than 5% are! Happy to be proven wrong but I just don’t think it’s the case.
So who’s pushing the rest of the business community that doesn’t come under PCI DSS compliance obligations?
Related Links:
Risky Business 35 (Patrick Gray talks PCI with Verizon Consultant)
Beast or Buddha PCI Archive
