Comments on: “Security first” please! http://www.mckeay.net/2009/01/16/security-first-please/ The views of one man on security, privacy and anything else that catches his attention. The views expressed on this blog do not reflect the views of my employer or anyone other than myself. Thu, 02 Feb 2012 21:45:54 +0000 hourly 1 http://wordpress.org/?v= By: Tom http://www.mckeay.net/2009/01/16/security-first-please/comment-page-1/#comment-4154 Tom Wed, 28 Jan 2009 19:54:56 +0000 http://www.mckeay.net/2009/01/16/security-first-please/#comment-4154 While compliance may provide some minimum level of security, it is a pretty low bar to meet. It may be better to measure compliance and measure security risk independent of each other. An organization could definitely be insecure and also compliant with PCI and other regulations. Conversely, an organization could be adequately secured and non-compliant. While compliance may provide some minimum level of security, it is a pretty low bar to meet. It may be better to measure compliance and measure security risk independent of each other. An organization could definitely be insecure and also compliant with PCI and other regulations. Conversely, an organization could be adequately secured and non-compliant.

]]> By: Network Security Blog » Saturday morning reading 01/24/09 http://www.mckeay.net/2009/01/16/security-first-please/comment-page-1/#comment-4128 Network Security Blog » Saturday morning reading 01/24/09 Sat, 24 Jan 2009 14:35:48 +0000 http://www.mckeay.net/2009/01/16/security-first-please/#comment-4128 [...] and continuing to improve upon it, which is a step many organizations forget.  Didn’t I write something on this [...] [...] and continuing to improve upon it, which is a step many organizations forget.  Didn’t I write something on this [...]

]]> By: Anton Chuvakin http://www.mckeay.net/2009/01/16/security-first-please/comment-page-1/#comment-4102 Anton Chuvakin Fri, 16 Jan 2009 18:26:56 +0000 http://www.mckeay.net/2009/01/16/security-first-please/#comment-4102 Congrats, Martin! You discovered the HIDDEN point in my post... You say: "other than chosing a new vendor if the current one is just paying lip service to scanning." Yes, BUT the truly SCARRRRRRRY point that I was hinting at is: "chosing a new vendor if the current one is just NOT (!!!) paying lip service to scanning." Think about it... Congrats, Martin! You discovered the HIDDEN point in my post…

You say:

“other than chosing a new vendor if the current one is just paying lip service to scanning.”

Yes, BUT the truly SCARRRRRRRY point that I was hinting at is:

“chosing a new vendor if the current one is just NOT (!!!) paying lip service to scanning.”

Think about it…

]]>