Toxic assets

Forrester just started calling lost credit card numbers “toxic assets”. Since when is data that is publicly available toxic?

Compliance franchise or real security

I’ve been saying for a long time now that compliance standards like PCI DSS 1.2 have created a marketing franchise for auditors instead of improving security. Empirical evidence from the past 2 years suggests that compliance focuses on meeting auditor requirements instead of assuring actual security of your systems and customer data assets. Here’s an […]