Full Disclosure
mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Valdis.Kletnieks () vt edu
Date: Wed, 07 Apr 2010 17:29:37 -0400
On Wed, 07 Apr 2010 14:06:41 PDT, Tracy Reed said:
> On Wed, Apr 07, 2010 at 12:43:47PM -0400, Valdis.Kletnieks () vt edu spake thusly:
> > Whether said checkbox is actually the best solution *for the actual problem*
> > is the issue. I've seen cases where checkbox auditors insisted that a
> > certain critical system "absolutely positively *HAD* to have a firewall".
>
> This is where compensating controls come in with PCI. If there is an
> even better solution you are free to implement it.

Yes, the PCI "compensating controls" are overall a Good Thing. Unfortunately,
a lot of regulatory regimes don't see things that way yet. And it still
requires a clued PCI auditor who actually understands the real world enough
to deal with compensating controls.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/