Thursday, January 21, 2010

Yet Another Conflict in the PCI World

I'm really getting tired of all the conflicts in the world; there are conflicts everywhere. But there is one that does not get much press attention. You don't hear about this on Fox News, CNN or other media outlets, at least not yet. It's a secret conflict that, for the most part, only has one side! Huh? you ask. How can a conflict only have one side? Well, here is the latest conflict I am referring to: Trustwave acquires BitArmor. The conflict? Interest -- QSAs selling security solutions.

Thus far, the PCI Security Council has all but ignored the conflict of interest in QSAs selling security wares. I predict that this will eventually give PCI a big black eye. If I'm not mistaken, wasn't it similar conflicts that toppled Enron and WorldCom -- CPAs auditing the books as well as maintaining the books? I don't see much of a difference between CPAs in that case and QSAs auditing security compliance while providing the security services and solutions being used.

My prediction is that these conflicts will make headlines in the near future. I have to imagine that if Heartland or TJ Maxx had not only been stamped as PCI compliant by their QSA, but had also been relying on their QSA's products or services to become compliant, this little conflict of interest would have gained as much attention as the breach itself.
