Yes, the small company cyber security basics are included in PCI (Payment Card Industry)compliance. There are 12 steps to compliance: Firewall maintenance Change your default passwords (and create a password policy) Protect stored cardholder data (if you are not developing software or have a website that you are developing – this may not be necessary) […]
A new Secure Software Requirements and Assessment Procedures was released v1.0 on Jan 2019. So if you are developing software for the Payment card industry either for an application on a website or for a retail location you have a new framework and software requirements standard. Developing software to capture credit card information (and use […]
Since a picture says a thousand words here is an attempt at explanation of Risk Analysis. The rows are “Impact on Environment”: none, minimal, minor, significant, major, critical The “Likelihood” or “Likely – what is % to happen” isĀ the columns: not likely, low, medium, medium-high, high, will happen. These are not “real” systems in […]
Is it better to focus on compliance or a on a framework system? I.e. PCI or HIPAA compliance versus ITIL or COBIT for example. There are more regulations coming so let’s add a couple of the US based ones. SHIELD(Stop Hacks and Improve Electronic Data Security) and CCPA(California Consumer Privacy Act). SHIELD – Stop Hacks […]
The Number 1 reason is: “We do not do an adequate job of patching and paying attention to security!” Again and again we can find reports and stories of entities not doing basic tasks: Above image is from Protiviti report Why are the basics not being done? Because a concerted effort to manage IT […]