This guy, Mike Rothman, knows what he is talking about. Mike's been going through his Daily Incite's for 2007 and yesterday he landed on PCI compliance.
If only securty standards and regulations were really taken seriously.
But, as Mike points out, there's...
1. No real enforcement
2. A lot of ambiguity on what's required
3. Too much confusion among CSO and Compliance people
As Mike said, CSOs, CISOs, CIOs, and compliance officers need to focus less on what will make them compliant and a whole lot more on what will make their enterprise secure.
Oh, and a lot more public outcry is going to be needed! Until the penalties for non-compliance are as weighty as the laws themselves are to read, there's really nothing to prevent more data breaches like the TJX's of the world.
Magnificent collection of prayers - and I haven\'t begun to explore the rest of the website!
Posted by: Melissa | November 08, 2008 at 08:48 AM
i love this site.a
Posted by: Dan | August 28, 2008 at 12:43 AM
No real enforcement? How about these carrot and stick enticements to let people know about deadlines and fines?
http://pcianswers.com/2007/01/21/non-compliance-fines/
What kind of enforcement are you looking for?
Posted by: Mike | March 02, 2007 at 07:18 AM