On 31 Jan 2012, at 22:34, Gavin Hamill wrote:
> PCI-DSS gets a lot of bad press (mainly for the genius of the card
> industry for being able to shift the risk to every merchant on the
> planet) but is generally founded in common sense. The problem tends to
> be with auditors who have a long list of boxes to tick and remarkably
> little IT / networks understanding.

Furthermore auditors make more money by failing you than trying to understand what you have really done to secure the devices in scope. Finding a good auditor is the most important step in any PCI/DSS undertaking.

Thomas
