Straight Words from Gartner about PCI
… there are some important areas where we part company with the council. One of the most important is that the council sanctions the use of an assessor that is also trying to sell you security services. This is completely at odds with established best practices in audit and compliance.
Well, the card companies may not have learned anything from the Enron and accounting/audit firm debacles of the past few years, but we have.
I think the Security Standards Council could have come up with better criteria for membership than a $2K annual membership fee.
It’s too early to say for certain whether this input structure will be effective, but my cynical inclination is to think it will be only marginally useful in conveying standards concerns to the card brands that enforce them.