"To add more pain to the breach, Network Solutions says it was PCI compliant at the time of the breach".
O que será que eles querem provar com isso? De qualquer forma o Bob Russo (General Manager do PCI Council) respondeu.
"Just because a company has passed its compliance validation, it doesn't mean that the need for vigilance of security measures should stop."
"Until a forensics investigation is completed, an organization can not comment accurately on its compliance status."
"Security doesn't stop with PCI compliance validation."
Mais informações em:
http://www.bankinfosecurity.com/articles.php?art_id=1660&rf=073109eb
http://www.careandprotect.com
Nenhum comentário:
Postar um comentário