Comments on Barry Rubin Technology Talk: Credit-card security standards questioned, survey says – I DO NOT Agree

Posted 2009-10-01T12:26:39.835-04:00

The point is that proper Information Security is a superset of compliance. Attaining PCI (or HIPAA or SOX) compliance does *not* mean that your environment is secure, even if it is better than it was before you engaged in the compliance initiative.

Sometimes, organizations are more willing to be compliant than they are to be secure, and this does them no good in the end.

See: The Compliance Trap (http://home.asbzone.com/ASB/archive/2009/03/12/the-compliance-trap.aspx)

-ASB: http://xeesm.com/AndrewBakerASB