Sunday, 24 June 2007

I don't understand

I don't understand the lack of focussed PCI DSS related sites on the internet. Considering the depth of the requirements and the coverage area that it can have on organisations' network systems and business processes, I would have thought that there would be a lot more.

There is the following dedicated site:-

PCI Answers

which is a good source of general info. I like it (and contribute when relevant) because it discusses the underlying issues linked to PCI DSS and not just individual aspects. Even so, I wouldn't say that it is heavily used (although it may be heavily read, I guess).


I've found the following forums:-

PCI Answers Forum
PCIFile Forum

which do not have that many members and nowhere near the traffic I would have expected.

There is also the following Yahoo Group which has very low traffic:-

PCI Standards

However, even all these together don't get anywhere near what I would have expected. I have Googled for others, no dice. I have tried Technorati and although there are many individual posts relating to PCI DSS, no dedicated sites.

Perhaps this is because PCI DSS is considered "just another compliance requirement". I'm not sure about that because then you would expect more chatter on generalised forums and communities like Security Catalyst Community. This is a very good all-round community site with some exceptionally talented people on it. However, I posted a question about PCI DSS a while back and got one reply.

I don't get it. Maybe I'm missing something but I think PCI DSS is a bigger deal than this.