I hope people will educate themselves enough to understand the standard and how to apply it. Yes, the standard will change over time in response to industry needs, but it should not be rewritten to encompass every new technology.
You would think by many people’s reactions over the last couple of years that PCI DSS contained radical new approaches and ideas to good information security practice. More worrying when these views come from Information Security specialists.
I hope people will educate themselves enough to understand the standard and how to apply it. Yes, the standard will change over time in response to industry needs, but it should not be rewritten to encompass every new technology.
You would think by many people’s reactions over the last couple of years that PCI DSS contained radical new approaches and ideas to good information security practice. More worrying when these views come from Information Security specialists.