funsec mailing list archives

Re: The PCI sky *isn't* falling!


From: "Kaegler, Mike" <KaeglerM () tessco com>
Date: Mon, 23 Mar 2009 16:58:57 -0400

On 3/23/09 3:15 PM, "Jon Kibler" <Jon.Kibler () aset com> wrote:
I am frequently asked why I refuse to do PCI audits. I always have the
same answer: "I don't participate in security theater."

To a point, it seems all certification processes can be defeated by creative
responses or other activity one could loosely call "cheating". It's true of
things like PCI, various industry-specific questionnaires that feed things
like "The Top 10 Schools for ________" lists, and even personal
certifications.

Alone, PCI can't do a lot; one needs a competent and interested security
professional. Likewise, said professional can't do a lot without a business
mandate (which PCI provides).

PCI is not a magic bullet, but it isn't useless theatre either (provided it's
routed to the IT department instead of the marketing department).
-porkchop

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
