Regulatory compliance 'irrelevant' to security

Really, doesn't cover ALL compliance?!?!

Here in the US we have companies that really do believe that they are secure and that they will never have a breach, and PCI is their rule stick.

I deal with persons every day who tell me that they are compliant; I know they have no clue, and as of Nov. 1 we will be separating the wheat from the chaff.

PCI does not protect you from having a CSO; as a matter of fact, that is one of the new rules being implemented. There is no added cost, since the CSO can be a person already in your company; they just need training on how to recognize potential threats, and to be listened to when they bring up critical areas for a potential breach.

The problems are not with FACTA, PCI or any other regulation; they are with the implementation of the regulations, and this is NOT an IT problem. It starts with the CEOs and the board rooms, and the new regulations put the responsibility right where it needs to be: if the business is not compliant and they haven't trained their employees, then the board and CEOs are looking at civil and criminal liability.

The sooner businesses realize that this is not a joke, and that they need to be compliant, the sooner the consumers will be protected; I can't wait to hear the explanations from them when they have a breach after Nov. 1, 2008.

That is called "willful non-compliance"; they will be twisting in the wind, while the IT people will be saying "told you so". If the CEO doesn't listen, document that you informed them, and wait; until they (the CEOs) listen, you are wasting your good breath.