Bob Carr: “QSAs let us down.” And Things Never Heard by a QSA standard

Bob Carr was recently quoted in a Computerworld article saying that QSAs let [Heartland] down. Of course, he is not referring to his most RECENT QSA, but I’m sure that was an editorial change to make the story more interesting. The article is a fantastic read, but also slightly humorous in nature. I’m going to leave Heartland’s situation out of this post, and look at how other companies have dealt with breaches. If you want to see what others are saying, check Rich Mogull, Mike Rothman, and Andy Willingham. Nearly every company I have worked with suddenly “Gets Religion” after a breach. Prior to it, security is not top of mind; therefore, things like PCI become burdensome as opposed ...