Anton Chuvakin wrote:
>> same answer: "I don't participate in security theater." I think this
>
> First, I am amazed how people so intelligent can hold opinions so
> shortsighted :-)

I unquestionably stand by my assertion that PCI DSS is pure security theater at its worst.

Perhaps you do not understand the concept of "security theater"? In simple terms, security theater is trying to make something appear secure that is not.

I never said that for organizations that had less than zero clue about security, it didn't make the organizations ever so slightly more secure. However, it is these security clueless organizations that "pass" PCI DSS, and now think that they are secure, that is the worst possible example of where PCI DSS fails. It is simply a stamp that leads organizations into a false sense of security -- security theater!

PCI DSS is to information security what the TSA is to airport security. Both are clueless and nearly useless. Would we notice if either went away tomorrow? From the security perspective, I seriously doubt it.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
