PCI 2.0: Still Compromising Controls and Compromising Security presented at Defcon19 2011

by James Arlen, Jack Daniel, Joshua Corman, Dave Shackleford, Martin McKeay, Alex Hutton

Summary: Building on last year's panel discussion of PCI and its impact on the world of infosec, we are back for more, including "actionable" information. Having framed the debates in the initial panel, this year we will focus on what works, what doesn't, and what we can do about it.
Compliance issues in general, and PCI-DSS in particular, are driving security in many organizations. In tight financial times, limited security resources are often exhausted on the "mandatory" (compliance) at the expense of the "optional" (actual security). We will focus on the information needed to reconcile these issues, and encourage the audience to continue the discussion with us.