From: B.K. DeLong (bkdelongpobox.com)
Date: Thu Sep 27 2007 - 15:50:15 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/27/07, James Ritchie, CISA, QSA <james_ritchiesbcglobal.net> wrote:
>
> Knowing what the PCI SSC has fined companies that are in
> non-compliance to the DSS is really not needed. Those that are found
> non-compliant will have some business drivers that are going to affect
> them. The fines that are levied effect the business bottom line. If
> they have lost their processing would severely handicapped earning
> potentials, effect the wallet of the management, and could be driven
> out of business. Divulging who these companies would affect their
> integrity and reputation if released, thus causing loss of business.

Very valid points. I'm not necessarily looking to out an organization
who has not already been the public victim of a security breach but
rather take many of the existing data loss examples in the Data Loss
Database and find out what the related PCI Co actions against the
companies were.

Yet another valuable data point - especially for other companies and
organizations that fall as merchants subject to the PCI DSS.

--
B.K. DeLong (K3GRN)
bkdelongpobox.com
+1.617.797.8471

http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]