[Dataloss] Obtaining PCI Co sanction info through legal discovery
    B.K. DeLong 
    bkdelong at pobox.com
       
    Thu Sep 27 20:50:15 UTC 2007
    
    
  
On 9/27/07, James Ritchie, CISA, QSA <james_ritchie at sbcglobal.net> wrote:
>
>  Knowing what the PCI SSC has fined companies that are in
>  non-compliance with the DSS is really not needed.  Those that are found
>  non-compliant will have some business drivers that are going to affect
>  them.  The fines that are levied affect the business bottom line.  If
>  they have lost their processing, it would severely handicap earning
>  potentials, affect the wallet of the management, and they could be driven
>  out of business.  Divulging who these companies are would affect their
>  integrity and reputation if released, thus causing loss of business.

Very valid points. I'm not necessarily looking to out an organization
who has not already been the public victim of a security breach but
rather take many of the existing data loss examples in the Data Loss
Database and find out what the related PCI Co actions against the
companies were.

Yet another valuable data point - especially for other companies and
organizations that fall as merchants subject to the PCI DSS.
-- 
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471
http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
FOAF:
http://foaf.brain-stream.org