I’ve been saying for a long time now that compliance standards like PCI DSS 1.2 have created a marketing franchise for auditors instead of improving security. Empirical evidence of the past 2 years suggests that compliance focuses on meeting auditor requirements instead of assuring actual security of your systems and customer data assets. Here’s an …
Read more »Quantity or quality - that is the question! There is a great deal of debate between the supporters of quantitative risk assessment and the supporters of qualitative risk assessment in the security and compliance business. The qualitative people say that since it is impossible to estimate risk as an absolute number such as “87 percent …
Read more »I was working on an article on a holistic approach to data leakage, fraud and revenue leakage today. Spend most of my Sunday, reading and trying to summarize some of the work we’ve done with our telecom service provider customers in Israel and Poland. I came across a thread entitled What is the acceptable percentage …
Read more »