Auditing for security - not just for compliance

March 31st, 2008 | Drazen Drazic | Posted in Bad Stuff, PCI, PCI DSS, Risk Management, cyber crime

It used to be a standout and bold new statement: “Compliance vs. Security - one goes one way and the other goes the other way, and rarely do the two meet - as they should!” People would think about it and go, “Yeah… wow… that is so true now that I think about it!” How times change, and this has now almost become accepted as fact?!

PCI DSS compliance is somewhat heading down this path. I am hesitant to say it is totally, but the indications are not good. Given recent news about Hannaford and ongoing news about TJX and other breaches, plus things we see in the industry ourselves, I thought it might be good to re-hash this one:

http://beastorbuddha.com/2007/09/05/pci-choosing-your-auditors-carefullypart-ii/
