You can't secure what you don't acknowledge.SM

Friday, April 3, 2009

Restating the obvious?

This just in (OK, it's really from a couple of days ago): Cybersecurity hearing highlights inadequacy of PCI DSS.

But I thought compliance = security!? And anything forced down our throats at the hand of industry bodies and government goons is all we need to manage business risks!? long do you think we'll continue to hear about this...ay yay yay?

1 comment:

  1. I found this one amusing:

    We're certainly spending a lot of money on consultants for PCI... but apparently some companies are spending it on just about anything in the name of PCI.