Thursday, February 22, 2007

TJ Maxx security lapse, PCI, and business value

eWeek has an article on TJX and its disclosures coming in bits and pieces. While the article has interviews from several industry fellows that indicate PCI compliance as the"ultimate" solver of the data theft problem, I honestly believe that many corporates use such "compliance" requirements to their disadvantage by being narrowly focused. All they want to do is get it out of their way so they have a stamp or seal from an "approved" PCI vendor. Proving that you meet 12 requirements in 6 areas is not going to bring value, but leveraging that and going the extra mile is what brings value. Hear again for the n'th time: "Compliance is not the end game! Leveraging compliance to support your business processes and bringing in shareholder value is".

2/22/2007 12:47:00 AM