top of page

FTC Demands Info From PCI Auditors

The PCI DSS process is about to get more complicated and compliance is going to be harder to obtain – and frankly that’s a good thing.  Moving compliance efforts closer to real security efforts benefits the protection of data.  Making compliance something to obtain, and not simply purchase, will create ownership and buy-in in the compliance process.  Buy-in often leads to understanding which in turn can lead to valuing the effort and target outcome.

I look forward to seeing a few more teeth added to the PCI DSS, even if it takes the creation of a little kicking and screaming by the FTC.

1 view

Recent Posts

See All

Rethinking Software in the Organizational Hierarchy

I very much enjoyed this article from Pieter Danhieux via Dark Reading and this creative approach to the management of applications and hierarchical security. The concept of least privilege and the d


bottom of page