Friday, June 12, 2009

Fun Reading on Security and Compliance #16

Instead of my usual "blogging frenzy" machine gun blast of short posts, I will just combine them into my new blog series "Fun Reading on Security AND Compliance." Here is issue #16, dated June 11, 2009 (read past ones here).

This edition is dedicated to PCI DSS: stop whining – start securing.

Today’s security reading actually has one topic only: “QSA” lawsuit. It is covered and debated in the following pieces:

  1. “Security Assessor Sued in CardSystems Breach: Merrick Bank v. Savvis” (David, suit copy linked)
  2. Don't Sue Me, Sue the Auditor
  3. Audits Show Things At a Moment in Time; Silly To Sue For Breaches That Happen 1 Year After Audit Conclusion?
  4. “Ex-"QSA" Sued over CardSystems” (from Branden)
  5. Merrick Bank vs. Savvis: What can I say?
  6. Data Breaches, Lawsuits, and Auditors - Oh My!
  7. Security auditor gets sued
  8. Why suing auditors won't solve the data breach epidemic
  9. Dangerous Times for PCI Regulations, Auditors
  10. QSA Liability – CardSystems and court precedence
  12. Finally the juiciest bit: David’s analysis of the suit “Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint”



Dr Anton Chuvakin