WebApp Sec mailing list archives
RE: PCI DSS Compliance
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Thu, 22 Dec 2005 16:34:51 +1100
Herein lies, imho, the dichotomy between compliance and reality/security. With a prescriptive management-level set of requirements, some techo issues may get lost/missed. But some techo/security issues will have been fixed in seeking/achieving compliance, things that otherwise would have remained unaddressed for who knows how long. The upside is that there 'should' be less variability between sites, and a somewhat higher threshold for fraud/crime at an affordable level. This assumption is yet to be proven, however.

lyal

-----Original Message-----
From: Roberto Tanara [mailto:tanara () protechta it]
Sent: Wednesday, 21 December 2005 7:50 PM
To: webappsec () securityfocus com
Subject: Re: PCI DSS Compliance

Craig Wright wrote:
The company seeking the test is seeking compliance not necessary security. These are very different things.
Maybe I am missing something, but as a customer, how could I trust a company that seeks "compliance not necessary security"? Does the compliance make me feel better if something bad happens?

--
Roberto Tanara
Protechta Information Security