Swing and a Miss: Target and the Council Respond standard
I happened upon the Council’s news page today and saw a couple of great attention grabbing headlines entitled, Time for Smartcards and PCI Council Responds to Critics. I found both of these interesting given the landscape of breaches we have seen over the last couple of months, but I found that both missed key points in their communication. Let’s start with the Council’s response. First, we should be clear. What Russo is saying is absolutely accurate. The majority of breaches that happen, including the Target one, happen due to basic security failures that are already covered in the standard. Go take a look at requirement 8.3 and 8.5.6.b which directly address the latest disclosures surrounding the event. I also agree ...
Continue Reading