What is the next step after a PCI audit?
I am posing a generic question to see what the next logical step is for an organization. I have been thinking about a few scenarios and here is what I came up with:
1. Send the findings up the food chain to management and let them decide how important actually fixing it is and wait for orders.
2. Make your bones by actually having a solution in your hip pocket to address the holes in the audit and take it from "Here's how broken we are" to "and here is how I think we should fix it".
3. Outsource everything entirely, only there is no one to my knowledge willing OR able to assume the liability of non-compliance, at least from a technology standpoint (but what a business), although the technology exists.
4. Do nothing and see what happens. AKA roll the dice, AKA 'We're to small', or 'We just spent $100,000 on security last year, we'll be fine'.
What are YOU seeing? I am guessing #1 and #4 are getting a lot of consideration.
pcistuff@gmail.com
1. Send the findings up the food chain to management and let them decide how important actually fixing it is and wait for orders.
2. Make your bones by actually having a solution in your hip pocket to address the holes in the audit and take it from "Here's how broken we are" to "and here is how I think we should fix it".
3. Outsource everything entirely, only there is no one to my knowledge willing OR able to assume the liability of non-compliance, at least from a technology standpoint (but what a business), although the technology exists.
4. Do nothing and see what happens. AKA roll the dice, AKA 'We're to small', or 'We just spent $100,000 on security last year, we'll be fine'.
What are YOU seeing? I am guessing #1 and #4 are getting a lot of consideration.
pcistuff@gmail.com
posted by Mark Mac Auley at 9:07 AM
1 comments
