[Info-vax] Variable declarations, was: Re: improving EDT

Kerry Main kemain.nospam at gmail.com
Wed Nov 23 08:55:34 EST 2016


> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of David Froble via Info-vax
> Sent: 22-Nov-16 11:42 PM
> To: info-vax at rbnsn.com
> Cc: David Froble <davef at tsoft-inc.com>
> Subject: Re: [Info-vax] Variable declarations, was: Re: improving EDT
> 
> Arne Vajhøj wrote:
> > On 11/22/2016 4:04 PM, David Froble wrote:
> >> I've had two experiences that caused me to throw in the towel and do
> >> whatever people wanted.
> >>
> >> 1) I mentioned to a customer that storing credit card data and
> >> checking account data with no protection on an IIS server wasn't a
> >> good idea.
> >> The response: "why not, everyone does it".
> >
> > One word:
> >
> > PCI-DSS
> 
> Ayep!  And, PCI isn't about security, it's about the credit card
> companies wanting someone else to be responsible when stuff happens.
> 
> >> 2) While discussing security with another customer I was told "my
> >> boss doesn't care about security".
> >
> > Unfortunately that happens.
> 
> Ayep!
> 

Based on this conversation, this is a timely article from earlier
today:

How to Protect the Encryption Keys to Your Kingdom
http://bit.ly/2g3fxw4

"Tatu Ylönen, CEO and founder of SSH Communications Security, was
clearly frustrated as we talked over lunch. “Why can’t I get
through to them,” he asked, almost rhetorically. Ylönen was
expressing a level of dismay common in the security industry.
Getting senior management to invest in security can be a daunting
task."

Original will wrap:
http://www.eweek.com/security/how-to-protect-the-encryption-keys-to-your-kingdom.html


Regards,

Kerry Main
Kerry dot main at starkgaming dot com







