Israeli Software

Not every threat can be mitigated by buying a piece of technology

I noticed this week that one of the better known application data security and compliance vendors is promising PCI DSS 1.1 Compliance if you just buy their product. Well....let's see - their product doesn't do anything about locating payment card data, encrypting or masking. Back in the days of PCI DSS 1.0 there were no requirements for database application firewalls but in the DSS 1.1 spec, it's mentioned as an optional control.

I guess we have to be careful about buying technology before assessing risk.

The PCI standard combines best practices from the card associations. It tells retailers exactly what they need to do to be secure, without telling them where to start and how to prioritize threats against vulnerabilities. The standard does not consider how to balance the value of retailer payment data assets against his cost of implementing the security controls specified in the standard.

Read more on my article at How to do a PCI DSS 1.1 self-assessment the right way

It's Erev Yom Kippur now and we're getting ready to eat lunch - which means I have about 5' to knock out a blog entry.

This year I started reading one chapter a day of the Rambam Hilchot Teshuva during the ten days of repentance from Rosh Hashana to Yom Kippur. Wednesday morning, I read chapter 7 - the second halacha says that a person should always consider today his last day on earth - and therefore he should correct his ways (perform teshuva) now - not putting it off to Yom Kippur or any other time in the future.

This is an amazing thought because of it's implications on how we run our lives and how we manage time. I am not sure I personally can do such a great job - but it least - the Rambam has put our priorities in the right place.

Gmar Hatima Tova!