The criminal hacker is out to get you – The auditors want you to have your paperwork in place. What is the real weak point that we need to focus on? http://www.scmagazine.com/compliance-with-requirement-11-in-pci-dss-drops/article/403249/ Security magazine discussed requirement 11 which is the test and validating all wireless access points. One must validate the wireless access point survey … Read more
http://blog.sucuri.net/ has an interesting post about “The Impacts of a Hacked Website” This is a good line: “We are learning the hard way, what large organizations already learned – being online is a responsibility and will eventually cost you something.” I now know that it was the Yoast Google Analytics plug-in that caused … Read more
PCI compliance has the basic settings for computer security but it will not ensure your corporation will be secure. For that to happen you must have personnel that implement security policies correctly, and it must be ingrained in all employees, as the weakest link is in our employee actions day after day. It is difficult … Read more
Why has Risk Management failed us? Every place you see “Accept risks” replace with Hacked computers. JP Morgan proved this concept even with a seeming unlimited security and IT budget, some mistakes creep into the organization. 76 million accounts affected Every box with monitor and manage risks replace with Computer hacked from the internal … Read more
I agree with the Governance people at ITgovernance: http://www.itgovernanceusa.com/blog/technological-cybersecurity-solutions-address-only-half-the-threats/ Technology only addresses some of the potential Cybersecurity hurdles that a company may have. The poster child of massive data breaches (Sony) was due to an internal breakdown, that plus previous documented failures show a lack of concern for IT Governance. In my mind I have … Read more
