Comments on: PCI is about transfering the risk, not mitigating it http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/ The views of one man on security, privacy and anything else that catches his attention Fri, 08 Aug 2008 20:56:17 +0000 http://wordpress.org/?v=abc By: Network Security Blog » PCI is just the beginning of security http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1327 Network Security Blog » PCI is just the beginning of security Wed, 27 Feb 2008 15:54:16 +0000 http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1327 [...] PCI DSS is about risk mitigation (or risk transference, depending on your point of view).  It list a minimum set of standards that merchants and [...] [...] PCI DSS is about risk mitigation (or risk transference, depending on your point of view).  It list a minimum set of standards that merchants and [...]

]]> By: PCI DSS Compliance Demystified » Blog Archive » What is PCI all about? http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1111 PCI DSS Compliance Demystified » Blog Archive » What is PCI all about? Tue, 29 Jan 2008 16:52:14 +0000 http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1111 [...] a friend of mine, writes that PCI is about transferring risk and not mitigating it.  This implies that the acquiring bank somehow has the ability or responsibility to prevent a [...] [...] a friend of mine, writes that PCI is about transferring risk and not mitigating it.  This implies that the acquiring bank somehow has the ability or responsibility to prevent a [...]

]]> By: Alex http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1022 Alex Mon, 14 Jan 2008 19:44:44 +0000 http://www.mckeay.net/2008/01/14/pci-is-about-transfering-the-risk-not-mitigating-it/#comment-1022 Great points. And it's worth noting that there's nothing wrong with an ISMS or even use of PCI as a template for an ISMS per se, the issue comes in the inflexibility and perception that the letter of the law will fulfill some promise of security. I mean to write something on the future of auditing at some point when all this mad rush is over for me. Great points. And it’s worth noting that there’s nothing wrong with an ISMS or even use of PCI as a template for an ISMS per se, the issue comes in the inflexibility and perception that the letter of the law will fulfill some promise of security.

I mean to write something on the future of auditing at some point when all this mad rush is over for me.

]]>