We’ve talked quite a bit about PCI DSS compliance here; (http://beastorbuddha.com/category/pci/). Generally, we’ve looked at what is going wrong, what can go wrong and from there, what organisations should be considering to do it better. Looking at it from a slightly different perspective here but not wholly new either – we’ve touched on and skirted around this a few times.
While PCI DSS has been a good wake up call for many organisations, there’s a negative side also which doesn’t get much attention – lost in all the talk about the benefits that PCI DSS has provided organisations who’ve previously had weak to non-existent security practices – security strategy based solely on compliance.
It doesn’t work.