ProPay Data Security Summit: a day 1 summary
Event attendance is an intriguing experience. If you have not heard the term “backchannel”, let me explain…rather, let me link to something on the subject. Read that, or at least the intro, and return…I don’t mind waiting.
To me the backchannel is not only enabled by technology, but occurs around coffee tables and in the halls and in the murmurs during presentations. Sometimes, it is in these backchannel communications that the most can be learned. This conference is slightly different. Although the backchannel is still vibrant and intriguing…the Q/A sessions, panel discussions, and boldness of attendees have thrust much of the backchannel conversation to the forefront.
And the topic du jour has been “How do I decrease compliance scope?”
The discussion has been lively, heated, and quite interesting. But, for now, I’m going to leave it sit as tomorrow’s sessions prove to have similar discussions and capturing the entirety of the feelings of attendees is important in addressing the issue holistically.
I will acknowledge that my role in a Platform company provides me with a unique perspective on the issues of security & compliance. Perhaps it is because of this perspective that I was extremely surprised that the concept of PA DSS and its impact on PCI was never discussed. In fact*, I only heard the term “PA DSS” mentioned 3 times in total.
Tomorrow’s sessions include Bob Russo (PCI Security Standards Council) and Tia Ilori (Visa), so it will be interesting to see if the subject is raised.
As an interesting aside, there was a presentation from Matt Sarrel (Sarrel Group) that represented the first primary research I have seen that attempts to quantify the impact of a data breach on market capitalization. I will need to spend some additional time with the data to parse it in full detail, but I found the session extraordinarily interesting and well researched. As I posted on Twitter:
Losses due to breach indirectly proportional to the market cap of the company breached. aka. small company + big breach = big decline
I will continue to tweet from the event tomorrow, and am happy to ensure any of your questions are asked…
What’s your perspective? Agree? Disagree? Anything to add? Critiques? The comment form is below…
* And I may have missed a mention or two
March 9, 2010