Is PCI Working?
I was asked this question while sitting on a panel at RSA, and I think the answer depends on your perspective. I’ll answer this from a security industry perspective. If nothing else, you have to credit PCI with forcing the issue. Security among retail enterprises was generally limited to loss prevention and physical security until recently. Information security usually existed as a small and buried team within the Information Technology group, and did not have board-level attention. If someone on the board was savvy enough to realize that security reporting to IT is an example of the fox guarding the hen house, then maybe they moved security into Internal Audit. Now we are seeing a massive amount of development ...