[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- To: Christopher Gilbert <motoma@xxxxxxxxx>, Mike Hale <eyeronic.design@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- From: "Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>
- Date: Fri, 23 Apr 2010 16:07:07 +0000
Another thing that I think people fail to keep in mind is that when it comes to
PCI, it is part of a contractual agreement between the entity and card facility
they are working with. If a business wants to accept credit cards as a means
of payment (based on volume) then part of their agreement is that they must
undergo compliance to a standard implemented by the industry. I don't know why
people get all emotional about it and throw up their hands with all the "this
is wasted money" positioning - it's not wasted at all; it is simply part of the
cost of doing business in that market.
t
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Christopher
Gilbert
Sent: Thursday, April 22, 2010 4:48 PM
To: Mike Hale
Cc: full-disclosure; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
The paper concludes that companies are underinvesting in--or improperly
prioritizing--the protection of their secrets. Nowhere does it state that the
money spent on compliance is money wasted.
On Wed, Apr 21, 2010 at 5:44 PM, Mike Hale
<eyeronic.design@xxxxxxxxx<mailto:eyeronic.design@xxxxxxxxx>> wrote:
I find the findings completely flawed. Am I missing something?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/