Hal Merritt wrote:
> Here is compelling evidence why auditors should *never* be permitted to
> make security 'requirements'. Never. Only see that due diligence is
> done.
Recent background on part of the issue:

Merchants unsecure, poll
http://www.crime-research.org/news/28.12.2005/1723/

From above:

A poll released by Protegrity Corporation, a provider of data security management solutions, found that Payment Card Industry Data Security Standard (PCI) compliance is severely lagging at merchants of all levels despite a growing Internet fraud rate.

... snip ...

And discussion of a different part of the issue in this post that I frequently refer to as *security proportional to risk*:
http://www.garlic.com/~lynn/2001h.html#61

When we were originally talking about deploying what is now called e-commerce
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
we discussed a number of requirements for operation of web merchants ... including things like requiring FBI background checks on all merchants.

A few past posts discussing the subject:
http://www.garlic.com/~lynn/2001j.html#5 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#54 Does "Strong Security" Mean Anything?
http://www.garlic.com/~lynn/aadsm21.htm#20 Some thoughts on high-assurance certificates
http://www.garlic.com/~lynn/aadsm21.htm#34 X.509 / PKI, PGP, and IBE Secure Email Technologies

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

