We have a dilemma when deciding how and when to patch the software we depend on. Not all vulnerability patches are built to fix the problems they were set to resolve without causing any other problem. Picture is from #TheHackerNews How do we resolve this while also realizing that the window to patch our software … Read more
The criminal hacker is out to get you – The auditors want you to have your paperwork in place. What is the real weak point that we need to focus on? http://www.scmagazine.com/compliance-with-requirement-11-in-pci-dss-drops/article/403249/ Security magazine discussed requirement 11 which is the test and validating all wireless access points. One must validate the wireless access point survey … Read more
http://blog.sucuri.net/ has an interesting post about “The Impacts of a Hacked Website” This is a good line: “We are learning the hard way, what large organizations already learned – being online is a responsibility and will eventually cost you something.” I now know that it was the Yoast Google Analytics plug-in that caused … Read more
PCI compliance has the basic settings for computer security but it will not ensure your corporation will be secure. For that to happen you must have personnel that implement security policies correctly, and it must be ingrained in all employees, as the weakest link is in our employee actions day after day. It is difficult … Read more
Why has Risk Management failed us? Every place you see “Accept risks” replace with Hacked computers. JP Morgan proved this concept even with a seeming unlimited security and IT budget, some mistakes creep into the organization. 76 million accounts affected Every box with monitor and manage risks replace with Computer hacked from the internal … Read more