Friday 14 October 2011

I say

The True Price of Being Hacked
PCI DSS only exists to protect the card issuer and the bank. It transfers risk to the merchant. What would be really interesting is how much the PCI DSS fines are. I suspect that they are not very much, and I suspect that they are rarely enforced. It's all about reputation: Sony = big deal. Bikesonline site (hacked recently, lots of losses) = not so big. I wonder what else happened to deliver the drop in card fraud. Chip and PIN? That's not in my interest, as any loss incurred through chip and PIN is now my liability, whereas it used to be the bank's.

chin chin
@infosecchap
UK government says it can attract and retain the cyber defence skills it needs
The whole problem here is that HMG don't pay the same as industry. A CLAS, CHECK or similar contractor can command around £700 per day. That's about £140K just for following orders. Even as a permie the salaries are in the £50 to £80K range. A reasonable amount when you consider that this is about what a Senior Civil Servant gets at Grade 7 and above.

I thought that GCHQ/CESG were getting into bed with the BCS and IISP to professionalise the industry. They should be using that in their internal teams.

Business survey shows ballooning security budgets
Security and information assurance has to become a commodity item: Security as a Service. Pen testing over t'web and managed offerings are what it's all about. There are no end of vendors who do this: Vistorm (before it dissolved into HP) and Integralis, for example.

As time moves on, the technology gets more sophisticated, costs get reduced and we outsource.  We are always playing catch up, but being smarter means spending less and being more focussed.

chin chin
infosecchap
