[Owasp-pci-project] How Worthwhile is the Effort?
Brad Andrews
andrews at rbacomm.com
Wed Jun 3 11:51:53 EDT 2009
I agree with this asessment of PCI, but it does raise a serious
question about what we are trying to accomplish.
Many business people will continue to just want the check-off. How
much value are we adding with our effort here? I personally don't
want to totally waste my time. I know some of it will only be
marginally useful, but I don't want it to be totally wasted.
How useful is what we are doing?
--
Brad Andrews
RBA Communications
SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Daniel Herrera <daherrera101 at yahoo.com>:
> A wise acquaintance of mine once told me the purpose of PCI DSS was
> not to secure an organization, but to mitigate potential risk to the
> credit industry.
More information about the Owasp-pci-project
mailing list