PCI Compliance - Where's the Beef?
I might be dating myself a bit when I reference the old Wendy's ad, but I find myself compelled to because it sums up the PCI Compliance rackets unfolding before our eyes. So I must ask - Where's the beef?
I just did a Google Search on PCI Compliance, and got a lot of data but no real information back on the first page of the search. What I got was a lot of scanning/reporting/discovery links and solutions, but no real solutions. It's the equivalent of looking for a hamburger and getting all bun. Not what I had in mind. So what did I have in mind?
How about a reference architecture?
How about something other than a nice neat document format to tell me what I already know, just repurposed and re-formatted so I get credit for producing data, vs. producing results and solutions (which is what my bonus is tied to)?
How about something specific for a solution other than self-assessment forms?
How about a bullet by bullet breakdown of a solution as it relates to each part of the PCI Specification?
How about some information that I can use? That I can validate/invalidate for myself in my environment? That does something more than tell me what I already know with absolutely no direction or opinion on what I could do?
Keep reading folks. I will share what I know, what I learn, and let you decide if it's right for you, and how useful the solutions are.
pcistuff@gmail.com
3 Comments:
Have you checked out the PCI and Data Security Compliance blog?
It has lots of information about PCI DSS. Add it to your blogroll!
Could you re-upload the file?
The file @ http://senduit.com/ is gone. The link expired.
Thanks
I certainly agree with you.
...............
Cha
Wow, check out this site called www.fluc.com. Free SMS and free mobile ads!! It's fantastic