A new Secure Software Requirements and Assessment Procedures was released v1.0 on Jan 2019. So if you are developing software for the Payment card industry either for an application on a website or for a retail location you have a new framework and software requirements standard. Developing software to capture credit card information (and use … Read more
Since a picture says a thousand words here is an attempt at explanation of Risk Analysis. The rows are “Impact on Environment”: none, minimal, minor, significant, major, critical The “Likelihood” or “Likely – what is % to happen” isĀ the columns: not likely, low, medium, medium-high, high, will happen. These are not “real” systems in … Read more
Is it better to focus on compliance or a on a framework system? I.e. PCI or HIPAA compliance versus ITIL or COBIT for example. There are more regulations coming so let’s add a couple of the US based ones. SHIELD(Stop Hacks and Improve Electronic Data Security) and CCPA(California Consumer Privacy Act). SHIELD – Stop Hacks … Read more
The Number 1 reason is: “We do not do an adequate job of patching and paying attention to security!” Again and again we can find reports and stories of entities not doing basic tasks: Above image is from Protiviti report Why are the basics not being done? Because a concerted effort to manage IT … Read more
From WSJ article On May 7th hackers were able to shut down a number of city of Baltimore computers. They demanded $100k worth of bitcoins to release their stranglehold. On this day that is about 13 Bitcoins (value of Bitcoins fluctuates). So Baltimore is refusing to pay as they should. The ransomware the hackers used … Read more