
Comment Re:PCI Compliance? (Score 3, Interesting) 402

Not exactly. Any business that processes credit cards has to be PCI compliant. That means truncating the credit card number or encrypting it. So any company that gives the DHS access to unencrypted credit card numbers is no longer PCI compliant and is liable for damages in the event of a breach (which this may be).

Comment The GLBA is a GOOD thing (Score 1) 184

I'm working for a company that falls under the Gramm Leach Bliley Act, and think that it's a good standard. Let's face it, without some laws in place, most companies don't care squat about security. The law probably doesn't go far enough, but companies that don't do anything can now get screwed in lawsuits like these. That's a good thing.

The result of the law going into effect is pressure from up-on-high in the company to be in compliance with the law and gives justification to spend money on people and equipment/software/etc. Another company I worked at wouldn't even spend money for firewall software, because management dismissed IT's cost/benefit justification. If it didn't directly contribute to sales figures, it didn't happen. I'm glad I'm not there anymore.

Now, IT security is talked about at all levels, from IT all the way up through management. The question is asked and discussed: "Is the sensitive information adequately protected?" Having the GLBA as the hidden hammer gives the question a lot of weight. And it's made a difference, with a lot more thought being put into it. Any planning does have project time and resources set aside specifically for security. There's actually time to audit and review existing equipment, and authorization to change any blatant findings.

Is it perfect? Well, no. More time and money could certainly be used. But the effort put into it certainly exceeds the bar that the GLBA provides. I do admire the company for that.

Danny
