Having been in a somewhat similar situation AND responsible for InfoSec and Compliance (minus the firing) at one of the "Big 4" card companies who mandates the PCI compliance, it saddens me that large risks are swept under the carpet. Knowing what I do, having witnessed several CISSP/CISM/CISA-certified personnel turning a blind eye or simply shrug for the sake of a year-end bonus makes me want to vomit. Ethics? When tied to a dollar amount, you'd be amazed how they fly out the window. Risk seems to magically disappear! The customers no longer matter.

It saddens me that there is a lack of interest or leadership within TJX to have overlooked the concerns of an employee with "security 101" quick fixes; especially after the largest breach.

But this is nothing new. Is it?

Perhaps with the governmental administrative changes forthcoming, the dawn of a new Security area will surface. We can only hope.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11520/35296#35296