My newest information security poll on the PCI/DSS ended yesterday and it looks like we almost have a tie. Out of the thousands of votes (OK, maybe not quite thousands, but at least 10), 55% said PCI was basically common security 101 and 45% said that it was complex and costly. There were 5 possible answers:
- Too Complex 40%
- Easy to Understand 30%
- Too costly for most 20%
- Too time consuming 0%
- Basic Security 101 40%
So I guess it goes back to my original thought that the level of difficulty that PCI compliance involves depends on the shape of the network you are working with. Large or small, if it is a poorly designed network, you are going to have a struggle. If it is a securely designed network, then your job will be much easier. The issue isn't understanding what is required; it's putting the requirements into practice.
I'll have another poll soon. This week has been all audit all the time, so I've not had a chance to think of another question, and nothing in the RSS feed has jumped out at me. If any of you have any suggestions, let me know. And let's get more involved with the process. Poll response has been less than stellar. Consider it practice for the November election. :)