Comments on: House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology http://www.mckeay.net/2009/03/31/house-subcommittee-on-emerging-threats-cybersecurity-and-science-and-technology/ The views of one man on security, privacy and anything else that catches his attention Thu, 29 Jul 2010 22:22:29 +0000 hourly 1 http://wordpress.org/?v=abc By: idblackbox http://www.mckeay.net/2009/03/31/house-subcommittee-on-emerging-threats-cybersecurity-and-science-and-technology/comment-page-1/#comment-4426 idblackbox Wed, 01 Apr 2009 05:04:41 +0000 http://www.mckeay.net/2009/03/31/house-subcommittee-on-emerging-threats-cybersecurity-and-science-and-technology/#comment-4426 Wow, very nice find in way of video! I will watch it tomorrow, but the title alone has been a question of mine since I began working in the PCI field. I have always thought that PCI is a really great beginning point, minimum requirements or best practices set of "rules", but feel all to often, businesses halt any further tightening of their environments once PCI has been fulfilled. PCI reminds me of gym class in high school - boys had to do 5 pull ups and girls had to do 2 pull ups. Most boys and girls did exactly that and nothing more while a few individuals did as much as they truly could do. PCI is not a destination, rather, it is a guide to assist a business in further tightening its environment. The PCI DSS lifespan is pretty new and it is expected there is going to be continued growth and improvements, but as it stands now, there are too many holes and aspects left unchecked. The council better hurry to close these up or else face more "compliant" businesses becoming victim to breaches. Wow, very nice find in way of video! I will watch it tomorrow, but the title alone has been a question of mine since I began working in the PCI field. I have always thought that PCI is a really great beginning point, minimum requirements or best practices set of “rules”, but feel all to often, businesses halt any further tightening of their environments once PCI has been fulfilled.

PCI reminds me of gym class in high school – boys had to do 5 pull ups and girls had to do 2 pull ups. Most boys and girls did exactly that and nothing more while a few individuals did as much as they truly could do. PCI is not a destination, rather, it is a guide to assist a business in further tightening its environment.

The PCI DSS lifespan is pretty new and it is expected there is going to be continued growth and improvements, but as it stands now, there are too many holes and aspects left unchecked. The council better hurry to close these up or else face more “compliant” businesses becoming victim to breaches.

]]>