VISA had a presentation last week online to discuss this very question “PCI DSS Validation Process” We will get into the list shortly… First let’s discuss why one needs a validation process. PCI stands for Payment Card Industry and in fact the PCI standards organization is composed of Visa, Mastercard, Discover, American Express and JCB(Japan … Read more
So we all must have an Incidence response plan, which is only used after a computer security problem: Detect problem Investigate problem What type of the threat to the business? Does it rise to level of “Breach”? With significant legal disclosure requirements Did the attackers steal information/data? We know practice makes perfect, but how … Read more
So the Defense (also known as Blue team) has been inundated with spam, the goal of the spam(for the hackers) is for an unsuspecting user to give up their credentials(username and password). Hackers are always trying to get your usernames and passwords. Opening a word document? What if it included a small file that is … Read more
NIST 800-171 Compliance actually means DFARS Cybersecurity requirements must be met. The NIST 800-171 requirements have always vexed small manufacturers due to the specific wordiness, so the NIST (National Institute of Standards and Technology) has been trying to make this easier to understand with the following pdf: https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf This is an important paragraph: from pdf Executive … Read more
Outsourcing is good, since we cannot specialize in everything we can focus on sales or inventory instead of mundane tasks. So what is important and what is mundane? That depends on your business… most businesses are not a software company, so obtaining software needs by outsourcing may be smart. Then the question is should you … Read more