Failing to understand a security mechanism
Posted in Compliance, Security Architecture on Oct 31st, 2010
PCI DSS is a very interesting compliance framework. It may be very prescriptive, describing exactly what to do, but when you really understand it you see that it mainly tells you what to look for in a mechanism and how to measure whether that mechanism is actually effective. It is here that most companies fail. […]