I agree with you on every point. With the addition that no insurance policy will cover any financial damages if you can't prove "Due Diligence".
Furthermore, if it's a publicly traded company, the board of directors and the stockholders have a right to sue everyone with a C(E, I, T, etc.)O title for damages if they don't do their "Due Diligence". Just for that reason, when my company hired a new CIO, his first order was that he wanted a full security audit of everything, including a full pen test. Let me tell you, when you work for a multibillion-dollar international corporation with many subsidiaries, that's a nightmare, but everyone understands why he wants it, so none of the people coordinating it are complaining.



-- Sent from my HP Pre3


On Apr 11, 2014 23:54, ToddAndMargo <toddandma...@zoho.com> wrote:

On 04/10/2014 07:45 AM, Paul Robert Marino wrote:
> Keep in mind PCI compliance is a CYA exercise more than anything else.

Hi Paul,

I tell my customers it is not about security, it is
about liability shifting. From the card processor
to you. That gets their attention. If they can't
prove "Due Diligence" they might as well declare
bankruptcy.

Still, most just blow it off. And it is the Law in
this state (Nevada) too.

And, I am getting really tired of quoting the SAQs (self-
assessment questionnaires) to card processors. The
one shining light is Pay Pros, who are deadly serious
about it. Love working with them.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
