Slashdot Mirror


User: johnharrisyankee

johnharrisyankee's activity in the archive.

Stories: 0
Comments: 22

Comments · 22

  1. Re:Plug for Rob Hanson on GWT in Action · · Score: 1

    Well, this is a plug for Rob Hanson's friend.... who I know not,
    but I agree with him :)

  2. Re:Wow on GWT in Action · · Score: 1

    I second that vote mate!

  3. Re:It is too complex! on PCI Compliance · · Score: 1

    >>I am not qualified to do an external audit

    So why not get the QSA cert. from the PCI council?

  4. Re:Costly... on PCI Compliance · · Score: 1

    >>>Every time they do a scan you get charged and no matter what you do there will be false positives so it's almost always a 2 scan process.

    Negotiate, Negotiate, Negotiate. Yes, it can be expensive, but you can negotiate and quickly lower the price.

  5. Re:Useful book on PCI Compliance · · Score: 1

    sorrrrrry, i haaaave an ollllld keyboard and it stickzzzzzzzzzzzzzzzzz :))))))))))))))))))))))

  6. Re:Costly... on PCI Compliance · · Score: 1

    How can that be? My company spends $25k per year on Gartner research and they told us that the IDS is dead.

  7. Re:I read it, I'd give it 3 1/2 stars on Network Warrior · · Score: 1

    Yes, I will read it there and not buy it.

  8. Re:It is too complex! on PCI Compliance · · Score: 1

    Kerberos is awesome, 'cept that it requires every app to be rewritten.
    How else would you implement the tickets?

  9. Re:It is too complex! on PCI Compliance · · Score: 1

    Many vendors, especially around logging and encryption, are hawking their wares around PCI. They have data sheets on how to make their products around PCI.

    In fact, a lot of the data sheets have good info.

  10. Re:Maybe they do know. on PCI Compliance · · Score: 1

    I still don't see what the supposed flaw is.

  11. Re:I read it, I'd give it 3 1/2 stars on Network Warrior · · Score: 1

    Thanks. I know not to read the book now.

    Do you have a web site with all your reviews?

  12. Re:Maybe they do know. on PCI Compliance · · Score: 1

    >>>>Whoever drew up the questionnaire is not competent. From the document:

    What??? Whoever drew up the questionnaire really knows what they are talking about.

    >>> 5.1 Deploy anti-virus software on all systems commonly affected by viruses (particularly personal computers and servers) Note: Systems commonly affected by viruses typically do not include UNIX-based operating systems or mainframes.

    What that means is AV only on Microsoft products. I can be PCI compliant and not need AV on my Cray, AIX, HP/UX systems.

    >>> but unless the questionnaire makes a distinction regarding systems "commonly affected by viruses" then it is not compliant with the original requirements.

    What do you mean?

  13. Re:Just like HIPAA or Sarbanes-Oxley... on PCI Compliance · · Score: 1

    What????? The TJMAXX hack occurred under a year ago.

    PCI is a few years old. In fact, had TJMAXX been PCI compliant, they would never have had a breach.

  14. Re:Useful book on PCI Compliance · · Score: 1

    Really???? Name two mistakes you found in the glossary!!!!!!!!

  15. Re:Just like HIPAA or Sarbanes-Oxley... on PCI Compliance · · Score: 1

    >>>>..PCI is an excuse to hire the KPMGs, Accentures and EDSs of the world. They will charge you $xM for "experts" to put in controls and make your systems secure.

    Well.... If the merchants would have been smart enough to do a basic level of security in the first place, they would not have to spend such $$$$. In fact, this is a good fine and penalty for them since they were derelict in their duties in the first place.

    >>>>All the while, only a few percent of your card transactions are fraudulent.

    But one hacking breach makes ALL of the card holder data info vulnerable.

  16. Re:It is too complex! on PCI Compliance · · Score: 1

    If PCI is too complex, then security is too complex.
    And if security is too complex for them.... take away their business license.
    If you can't comply with PCI, then you as a vendor are not grown up enough to accept credit cards.

  17. Re:OT, I know, but... on PCI Compliance · · Score: 1

    You missed the point, this has nothing to do with mil spec.
    It is about poorly made products. I know Gillette can make a razor that lasts much longer, but then again, I would buy less, and they would make less.
    And talk about Duracell batteries, of course they could last much much much longer, but then again, people would buy less of them.

  18. Re:What value DO the entry level certs have? on Network Warrior · · Score: 1

    should make that 'fat clueless' folks in HR.

  19. Re:I read it, I'd give it 3 1/2 stars on Network Warrior · · Score: 1

    >>>>>Also, i picked up Zen and the art of security as well and it too would get a 3 1/2 star rating from me.

    Ouch!

    >>>Nothing too great, nothing real bad... except the author seems a little stuck on himself and a bit of a dickwad.

    Dude, write a book review. Why so bad? Stuck on himself?????

  20. Re:I read it, I'd give it 3 1/2 stars on Network Warrior · · Score: 1

    >>>>>Also, i picked up Zen and the art of security as well and it too would get a 3 1/2 star rating from me.
    Ouch!

    >>>Nothing too great, nothing real bad... except the author seems a little stuck on himself and a bit of a dickwad.

    Dude, write a book review. Why so bad? Stuck on himself?????

  21. Re:Not accurate on Network Warrior · · Score: 1

    True. But I think the difference is that everyone I know that went for the CCNA certification, planned/plans to also go for CCNP.

  22. Re:What's with the militant terminology? on Network Warrior · · Score: 1

    Ninja sounds better than Network CPA :)