Instead of my usual "blogging frenzy" machine gun blast of short posts, I will just combine them into my new blog series "Fun Reading on Security AND Compliance." Here is an issue #16, dated June 11, 2009 (read past ones here).
This edition of dedicated to PCI DSS: stop whining – start securing.
Today’s security reading actually has one topic only: “QSA” lawsuit. It is covered and debated in the following pieces:
- ”Security Assessor Sued in CardSystems Breach: Merrick Bank v. Savvis” (David, suit copy linked)
- “Don't Sue Me, Sue the Auditor”
- ”Audits Show Things At a Moment in Time; Silly To Sue For Breaches That Happen 1 Year After Audit Conclusion?”
- ”Ex-"QSA" Sued over CardSystems” (from Branden)
- ”Merrick Bank vs. Savvis: What can I say?”
- “Data Breaches, Lawsuits, and Auditors - Oh My!”
- “Security auditor gets sued”
- “Why suing auditors won't solve the data breach epidemic”
- “Dangerous Times for PCI Regulations, Auditors”
- “QSA Liability – CardSystems and court precedence”
- "AUDITOR(S) TO BE HELD TO ACCOUNT? - CARDSYSTEMS AND SAVVIS"
- Finally the juiciest bit: David’s analysis of the suit “Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint”
Possibly related posts:
- All other security reading posts.