Re: [Dataloss] Feds seek to nab credit card thieves in La., Miss.

From: Paul Ferguson (fergdawgnetzero.net)
Date: Mon Aug 18 2008 - 22:15:37 CDT


-- macwheel99wowway.com wrote:

>A company can buy some computer system and not install, or manage, it
>properly.
>I am more interested in whether they had any PCI audits or other security
>audits, and what if anything the audits had to say about their state of
>security preparedness.
>
>Here's what went wrong at TJX Max (click on preview to see document filed
>by 5/3 bank auditor AFTER the mess.) http://www.box.net/shared/ieae3qfqj9
>
>This is quite an eye-opener ... they had perfectly good computer systems,
>but at some level of company leadership, there was no conception of their
>security responsibilities, what it meant to be PCI compliant.
>

It was my understanding that (according to Evan Schuman at
StorefrontBacktalk):

"...Visa knew of the extensive security problems at TJX but decided to give
the retailer permission to remain non-compliant through Dec. 31, 2008,
according to documents filed in federal court Thursday."

http://storefrontbacktalk.com/story/110907visaletter

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
