Wednesday, September 17, 2008

Why Compliant Isn't Necessarily Secure

This is what I'm constantly preaching. Just passing a test by no means makes you secure. Too many organizations stop at merely achieving compliance and think they're OK. The key is to remember what the compliance group is protecting: usually their interests, not the interests of your organization. Certainly you must comply with regulatory agencies, but don't assume that means you're safe and secure.

http://www.theregister.co.uk/2008/04/15/pci_dss_compliance/

The Hannaford grocery chain found this out when they were hacked after having passed their PCI compliance tests.

Find more information on PCI compliance at my website: http://www.syrinxtech.com
