Via @sec_prof Trouble determining PCI assessment scope? Open PCI Scoping Toolkit is here! 50+ PCI experts distilled - http://itrevolution.com/pci-scoping-toolkit/ …
-
-
Replying to @Wh1t3Rabbit
@Wh1t3Rabbit what a colossal waste of time and energy. no matter how you scope a PCI assessment, it is *always* smaller than attacker scope4 replies 4 retweets 1 like -
Replying to @attritionorg
@attritionorg@wh1t3rabbit Well, to many PCI assessors, the PCI scope of assessment is the entire enterprise. Foul! Overscoped!@sec_prof2 replies 0 retweets 0 likes -
Replying to @RealGeneKim
@RealGeneKim@attritionorg@wh1t3rabbit@sec_prof and yet… there is more (important stuff) the ENTERPRISE needs to protect than CardData.2 replies 0 retweets 0 likes -
Replying to @joshcorman
@joshcorman@attritionorg@wh1t3rabbit@sec_prof Precisely. Thus the need for concrete guidance on how to appropriately/correctly scope PCI2 replies 0 retweets 0 likes
@RealGeneKim Except there is no "appropriate" or "correct" scope. PCI scope is *always* smaller than the attacker's scope.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.