The potential for conflict of interest with the same person selling security equipment who is conducting the audit is poor. The only way around this is independent certification of security products to determine whether they are compliant as per PCI standards. The ONLY company which is doing this right now to my knowledge is NSS Labs (out of Chicago). NSS has a long history of security testing and certification and, more importantly, appears to be the ONLY independent security testing and certification facility which is truly independent (i.e. is not owned by or affiliated with a company with a vested interest in selling security products or managed services). One of the vendors we use is already going through the NSS PCI certification process and it looks pretty good - will certainly be of use to us in the future when it comes to selecting security products to maintain our PCI compliance.