Via @sec_prof Trouble determining PCI assessment scope? Open PCI Scoping Toolkit is here! 50+ PCI experts distilled - http://itrevolution.com/pci-scoping-toolkit/ …
@attritionorg I didn't write it... don't shoot the messenger.
@Wh1t3Rabbit but you helped spread it. you think it is a good idea or support it in some fashion by the RT essentially
End of conversation
New conversation
@attritionorg @Wh1t3Rabbit But if a tool or process is the difference between incrementalism and stagnation is it not an improvement?
@TomSellers @wh1t3rabbit Find yourself naked in the Alps. Someone hands you a pair of socks. IMPROVEMENT.
@attritionorg @wh1t3rabbit I've been in situations where the only choices were a half measure vs no measure.
@TomSellers @wh1t3rabbit I argue you (or your boss) put yourself in the bad position if you had absolutely no other alternative.
@attritionorg @wh1t3rabbit Not my call and I couldn't overrule it. Became a pattern of behavior. So I left..
@TomSellers @wh1t3rabbit Absolutely the right thing to do. The org clearly didn't care, why should you.
@attritionorg @wh1t3rabbit .. due to consuming resources, false sense of security, and giving the impression that the problem is solved.
End of conversation
New conversation
@attritionorg @wh1t3rabbit Well, to many PCI assessors, the PCI scope of assessment is the entire enterprise. Foul! Overscoped! @sec_prof
@RealGeneKim @attritionorg @wh1t3rabbit @sec_prof and yet… there is more (important stuff) the ENTERPRISE needs to protect than CardData.
@joshcorman @attritionorg @wh1t3rabbit @sec_prof Precisely. Thus the need for concrete guidance on how to appropriately/correctly scope PCI
@RealGeneKim Except there is no "appropriate" or "correct" scope. PCI scope is *always* smaller than the attacker's scope.
End of conversation
New conversation
@attritionorg @Wh1t3Rabbit @joshcorman the auditor is my attacker.