Joel Folkerts wrote on 8/12/09 3:04 PM:
> I would explain to management that PCI is simply a least common denominator
> and should not be treated as the end-all, be-all to information security.
> PCI merely attempts to address a minimum set of criteria that will mitigate
> a large portion of the threats that your organization is facing. That being
> said, it's unrealistic that any accreditation be able to address every
> threat.

You run the risk of having a conversation like the waitress and her manager in Office Space at this point: if the minimum is 5 pieces of flair, and I have 5, but you want me to be more like Brian, I should wear more, yeah? No, I'm just saying that if you're happy with the minimum... at that point, management says "yes, we are, thank you for your opinion but we're happy with 5 pieces of flair, now go do your job."

Mike
