NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 


Thu, Oct 29, 2009 6:29 EDT

PCI Compliance Does Not Equal Security

Anonymous user

Posted by: Anonymous in Best Practices

Topic: Enterprise Management

Current Rating: 5 Comment: 1

I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…

http://information-security-resources.com/2009/10/28/pci-compliance-does-not-equal-security/

You do not have flash or javascript support.
Average (1 vote)
5
comment icon Reply
 
All Comments Comments
 
Thu, Oct 29, 2009 14:27 EDT
Setting the record straight
Anonymous user
Posted by: Anonymous
Rating:

It's always gratifying when a blog post gets noticed, and I should be flattered since the author above (listed as Anonymous; his name is Danny Lieberman) has commented on my blog post at different sites at least five times! Each time, however, he's misrepresented the content of the blog post. Normally I don't respond to comments to my blog, but in this case I need to set the record straight.

First, he gets the title wrong. The blog article is entitled "Is Compliance the New Security Standard?" (a question), not "Compliance is the New Security Standard" (an assertion). If someone can't cut and paste a title correctly, what are we to think of how they relate the content of the article?

As the opening paragraph of my article makes clear it's a continuation of a discussion from the "Cornerstones of Trust 2009" conference which I had attended a day earlier. Here's the blog summary (taken from the content of the article):

"Given the compelling case for securing the enterprise, why do CEOs fail to invest more in security solutions? Does this simply represent a failure of IT and security staff to make a compelling business case? Or are the CEOs in fact being short-sighted?"

Nowhere in my article do I imply, as stated above, that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security” -- as stated above. You be the judge: read the blog post yourself at http://www.cloud-compliance.com/blog/bid/27935/Is-Compliance-the-New-Security-Standard.

Lieberman says in another comment that I'm "selling snake oil". Of course bloggers like to be controversial to get read, but I would suggest that getting ones facts right is far more important.

If we want to have an honest discussion of an important topic, let's make it fact-based. You may disagree with my hypothetical CEO perspective; you may disagree that compliance provides a liability shield; you may disagree with the Ponemon study regarding the cost of a data breach; and you may disagree that compliance spending is a factor in making security spending decisions. But please don't intentionally misrepresent the points made and smear the author with "snake oil" insults. That doesn't get us any closer to understanding issues around an important topic -- a topic with no easy answers as evidenced by the thoughtful discussion among security professionals at the "Cornerstones of Trust 2009" conference.

- Robbie Forkish

You do not have flash or javascript support.

Post new comment

* Subject:
* Username:
* E-mail:
The content of this field is kept private and will not be shown publicly.
Homepage:
* Body:
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <strike> <p> <br>
  • Lines and paragraphs break automatically.
More information about formatting options

* Denotes required field.
Hot Conversations

So Long, SAP's Leo Apotheker, We Hardly Knew Ye

Posted by Thomas Wailgum in News | 5 comments

Ex-Microsofties Look Back in Anger

Posted by Shane ONeill in News | 4 comments

The Price of IT Outsourcing

Posted by Beth Bacheldor in Best Practices | 2 comments

The iPad and Netbooks: Comparing Them Is Stupid

Posted by Shane ONeill in News | 1 comments

Enterprise IT's Top Enemy: Its Own Arrogance

Posted by Thomas Wailgum in News | 10 comments

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 115 of IT's most insightful thinkers.

  PARTNERS       WEBCASTS    
 

Windows 7 Webcast Series

There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.

Sponsored by Microsoft  Listen to on-demand Recordings »

 

A Framework for Better Application Delivery

The complexity of application delivery is driven in part by the evolving applications environment. Instead of approaching application delivery from a siloed fashion, this handbook looks at end-to-end guidance and discusses the impact of ignoring the WAN, Web apps that are chatty, data center consolidation, SaaS, Web 2.0 and virtualization.

Sponsored by Riverbed  Read this White Paper »

 

Microsoft® Exchange 2010 includes archiving - but is it enough?

Microsoft® Exchange 2010 includes basic email archiving. But many organizations will find that it does not meet their requirements. This paper describes why organizations need to archive, what capabilities Exchange 2010 includes and why 3rd party archiving solutions will be necessary for most organizations.

Sponsored by Google, Inc.   Read this White Paper »

More Partners »
Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

More Podcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Enterprise Capture: Your Onramp to Business Process Automation

Today more than ever companies are seeking to reduce costs and...  View Now »

 

The True Cost of Legacy Systems

How well are you maximizing existing software assets? This webcast reveals the results of a commissioned study on top migration and modernization priorities for IT leaders.   View Now »

 

How To Maximize Your Virtualization Strategy and Deployment

Join award-winning technology journalist Stan Gibson in this webcast as he discusses how to enhance your virtualization strategy with the ROI, planning, implementation and platform advice. Exploit the business benefits of virtualization and successfully expand your current deployment.   View Now »

More Webcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Blogs & Discussion Newsletter




*Required fields

By clicking the sign-up button, you agree to the Privacy Policy.

View all newsletters »

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Manage limitless content todayread EMCs 15-minute guide to ECM.

HP Exstream. Get a Free Document Assessment for Financial Services.

Take the Netezza TwinFin TestDrive!

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Let Progress Software help your business make progress.

Best Practices to Reduce IT Operational Costs

Real-world testing ranks Trend Micro #1 against malware. See results.

Forrester: The real-world financial impact of Windows 7

Turn your desk phone and mobile phone into one with Sprint Mobile Integration.

Maximizing efficiencies with unified communications.

Stay informed with custom newsletters from Tech Dispenser

Selecting the Right Reporting Technology

An IT Leadership Action Plan for the Economic Recovery

Consolidate data centers and lower IT service costs. Learn How.

WAN optimization techniques significantly improve application performance. Read More.

The Revolution and Evolution of Private Cloud Computing

ROI of Application Delivery Controllers

Cut Costs & Green Your IT Operations with PC Power Management

Enterprise Capture: Your Onramp to Business Process Automation

Adobe® LiveCycle®solutions for intuitive user experience

Unlocking the Mainframe: Modernizing Legacy System to SOA

State of the Data Integration Market

Enhance Customer Loyalty through Higher Responsiveness

Achieving Business Agility with Application Grid

Seven Ways ITIL Can Help You in an Economic Downturn

Does your IDS really work? Find out with a free Endace Audit

Verint Systems. Discover the Power of Intelligence in Action"

CA ARCserve r12.5 is More Than Backup! Download Trial Version Today

Enterprise search helps employees get more done. Get the facts from Google.

See why ShoreTel is named best overall VoIP provider by Nemertes Research

Trend Micro ranked #1 against real-world malware. Read more.

AT&T Application Management & Hosting. Let us help you STRETCH

Microsofts new client operating system helped Pella reduce power consumption.

Efficiency goes up. Costs come down.

Dark Fiber from Sunesys Save on Unlimited Bandwidth with Fixed Costs.

Trend Micro ranked #1 against real-world malware. Read more.

Webcast: Solve Your Data Visualization Needs with Open Source BI

Webcast: Delivering the Enterprise-Ready Cloud

Ensure cost effective application delivery. Learn More.

Cloud Computing: The Impact CIOs See

What's Next for Enterprise Resource Planning?

Gartner Magic Quadrant, Application Delivery Controllers 2009

Global Research: CIOs Weigh In On Virtualization

Adobe® LiveCycle® solutions for business process automation

What's New in SOA Suite 11g?

Unleash the Power of Java with Oracle JRockit Real Time

SOA Best Practices and Design Patterns

Application Grid: Ideal Platform for IT Consolidation

Taking the Service Desk to the Next Level