[Dataloss] Obtaining PCI Co sanction info through legal discovery

B.K. DeLong bkdelong at pobox.com
Thu Sep 27 20:50:15 UTC 2007


On 9/27/07, James Ritchie, CISA, QSA <james_ritchie at sbcglobal.net> wrote:
>
>  Knowing what the PCI SSC has fined companies that are in
>  non-compliance with the DSS is really not needed.  Those that are found
>  non-compliant will have some business drivers that are going to affect
>  them.  The fines that are levied affect the business bottom line.  If
>  they have lost their processing, it would severely handicap their earning
>  potential, affect the wallets of management, and could drive them
>  out of business.  Divulging who these companies are would affect their
>  integrity and reputation if released, thus causing loss of business.

Very valid points. I'm not necessarily looking to out an organization
that has not already been the public victim of a security breach, but
rather to take many of the existing data loss examples in the Data Loss
Database and find out what the related PCI Co actions against those
companies were.

Yet another valuable data point - especially for other companies and
organizations that fall as merchants subject to the PCI DSS.

-- 
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
