Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Re:PCI Compliance? (Score 3, Interesting) 402

Not exactly. Any business that processes credit cards has to be PCI compliant. That means truncating the credit card number or encrypting it. So any company that give the DHS access to unencrypted credit card numbers no longer PCI compliant and is liable for damages in the event of a breach (which this may be).

Comment The GLBA is a GOOD thing (Score 1) 184

I'm working for a company that falls under the Gramm Leach Bliley Act, and think that it's a good standard. Let's face it, without some laws in place, most companies don't care squat about security. The law probably doesn't go far enough, but companies that don't do anything can now get screwed in lawsuits like these. That's a good thing.

The result of the law going into effect is pressure from up-on-high in the company to be in compliance with the law and gives justification to spend money on people and equipment/software/etc. Another company I worked at wouldn't even spend money for firewall software, because management dismissed IT's cost/benefit justification. If it didn't directly contribute to sales figures, it didn't happen. I'm glad I'm not there anymore.

Now, IT security is talked about at all levels, from IT all the way up through management. The question is asked and discussed "Is the sensitive information adaquately protected?". Having the GLBA as the hidden hammer, gives the question a lot of weight. And it's made a difference, with a lot more thought being put into it. Any planning does have project time and resources set aside specifically for security. There's actually time to audit and review existing equipment, and authorization to change any blatant findings.

Is it perfect? Well, no. More time and money could certainly be used. But the effort put into it certainly exceeds the bar that the GLBA provides. I do admire the company for that.


Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten