[Owasp-pci-project] How Worthwhile is the Effort?
Tom Brennan
tomb at owasp.org
Wed Jun 3 12:27:23 EDT 2009
for those that missed the post
http://www.boazgelbord.com/2009/04/pci-hearing-in-congress.html
On Wed, Jun 3, 2009 at 12:10 PM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:
> I like the quote and agree that PCI is about protecting the credit card
> industry more than it is just about securing an organization but reality
> also says that it is the organization that makes the headlines whenever
> they faulter...
>
> -----Original Message-----
> From: owasp-pci-project-bounces at lists.owasp.org
> [mailto:owasp-pci-project-bounces at lists.owasp.org] On Behalf Of Brad
> Andrews
> Sent: Wednesday, June 03, 2009 11:52 AM
> To: Daniel Herrera
> Cc: owasp-pci-project at lists.owasp.org
> Subject: [Owasp-pci-project] How Worthwhile is the Effort?
>
>
> I agree with this asessment of PCI, but it does raise a serious question
> about what we are trying to accomplish.
>
> Many business people will continue to just want the check-off. How much
> value are we adding with our effort here? I personally don't want to
> totally waste my time. I know some of it will only be marginally
> useful, but I don't want it to be totally wasted.
>
> How useful is what we are doing?
>
> --
> Brad Andrews
> RBA Communications
> SANS/GIAC GSEC, GCFW, GCIH, GPCI
>
>
> Quoting Daniel Herrera <daherrera101 at yahoo.com>:
>
>> A wise acquaintance of mine once told me the purpose of PCI DSS was
>> not to secure an organization, but to mitigate potential risk to the
>> credit industry.
> _______________________________________________
> Owasp-pci-project mailing list
> Owasp-pci-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-pci-project
> ************************************************************
> This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
> ************************************************************
>
> _______________________________________________
> Owasp-pci-project mailing list
> Owasp-pci-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-pci-project
>
--
Tom Brennan
OWASP Foundation
Url: www.owasp.org
Tel: 973-202-0122
More information about the Owasp-pci-project
mailing list