Date sent: Fri, 03 Apr 2009 23:18:00 +0100 (BST) From: Drsolly <[email protected]>
> The logic is impeccable. PCI DSS is only concerned about data kept in > electronic form. By using pencil and paper, he remains PCI DSS compliant. I agree that, in terms of compliance, the logic works. It reminds me of ISO27k in that regard: if you are troubled by any particular vulnerability, and don't want to fix it, just ask to have it (or related system) removed from scope ... ====================== (quote inserted randomly by Pegasus Mailer) [email protected] [email protected] [email protected] Beware of all enterprises that require a new set of clothes. - Henry David Thoreau http://victoria.tc.ca/techrev/rms.htm http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade http://blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
