IT Security Training

Small Company Cybersecurity basics: PCI Compliance!


Yes, the small company cyber security basics are included in PCI (Payment Card Industry) compliance. There are 12 steps to compliance: firewall maintenance; change your default passwords (and create a password policy); protect stored cardholder data (if you are not developing software or a website, this may not be necessary) […]

Security breaches

Risk Analysis Gone Wrong?


Since a picture says a thousand words, here is an attempt at an explanation of Risk Analysis. The rows are “Impact on Environment”: none, minimal, minor, significant, major, critical. The columns are “Likelihood” (or “Likely – what is the % chance it will happen”): not likely, low, medium, medium-high, high, will happen. These are not “real” systems in […]

Security compliance

Compliance vs Framework


Is it better to focus on compliance or on a framework system? I.e. PCI or HIPAA compliance versus ITIL or COBIT, for example. There are more regulations coming, so let’s add a couple of the US-based ones: SHIELD (Stop Hacks and Improve Electronic Data Security) and CCPA (California Consumer Privacy Act). SHIELD – Stop Hacks […]

IT Security Training

Why Are Hackers Successful?


The number 1 reason is: “We do not do an adequate job of patching and paying attention to security!” Again and again we can find reports and stories of entities not doing basic tasks. The above image is from a Protiviti report. Why are the basics not being done? Because a concerted effort to manage IT […]