Risk Management Framework

If you had to start over, how would you do it? The NIST (National Institute of Standards and Technology) document is a good place to start: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems. The document outlines how to set up a Risk Management Framework, including partnerships with third-party providers, …

Patching Software “Security” Dilemma

We have a dilemma when deciding how and when to patch the software we depend on. Not every vulnerability patch fixes the problem it was meant to resolve without causing other problems. Picture is from #TheHackerNews. How do we resolve this while also realizing that the window to patch our software …

PCI Compliance - Security Weak Points

The criminal hacker is out to get you, and the auditors want you to have your paperwork in place. What is the real weak point that we need to focus on? http://www.scmagazine.com/compliance-with-requirement-11-in-pci-dss-drops/article/403249/ Security magazine discussed requirement 11, which is the testing and validating of all wireless access points. One must validate the wireless access point survey …

Value of a Hacked Website

http://blog.sucuri.net/ has an interesting post about “The Impacts of a Hacked Website”. This is a good line: “We are learning the hard way, what large organizations already learned – being online is a responsibility and will eventually cost you something.” I now know that it was the Yoast Google Analytics plug-in that caused …

PCI Compliance is not Computer Security

PCI compliance has the basic settings for computer security, but it will not ensure your corporation will be secure. For that to happen, you must have personnel who implement security policies correctly, and security must be ingrained in all employees, as the weakest link is in our employees' actions day after day. It is difficult …