Good CYA guidance
by Volker Weber
Jesper Jurcenoks, CTO of NetVigilance, a network vulnerability testing company, says 60% of businesses fail their PCI audit for one reason: they have no information security policy written down. So grab some paper and start from the basics, like “lock the door at night.” Then detail who can access data, define daily operational security procedures, and keep writing down policies.