There are a lot of organisation who think they are compliant with the controls in the PCI DSS, but really aren’t. There are even more that were compliant at a point of time in the past, but aren’t now. But let’s for the moment assume that an organisation really is compliant with the 6 objectives,…
We have the best hardware. We have firewalls from more than one vendor. We have anti-virus appliances at the gateway. We have excellent logging capabilities. We’ve just implemented a data loss prevention solution. And we’ve had the smartest engineers hook it all up. Of course we are secure, our vendors told us so! If you…
We don’t need to worry about security because we’ve outsourced it. I’ve increasingly heard this from clients, so clearly many large businesses believe it to be true. As this myth is quite pervasive, it needs more analysis: what do our clients mean by “security”, what do they mean by “outsourced”, and why have they taken…