Why Are RCE Remote Code Execution Vulnerabilities Dangerous?

For example, Apache Tomcat is a type of web server, and certain versions have an RCE vulnerability: The above is from the nsfocusglobal.com page… It highlights an RCE vulnerability from April 2019. So if the CGI servlet is not disabled, then a problem could arise. RCE (remote code execution) implies one can execute code …

Small Company Cybersecurity basics: PCI Compliance!

Yes, the small company cyber security basics are included in PCI (Payment Card Industry) compliance. There are 12 steps to compliance: firewall maintenance; change your default passwords (and create a password policy); protect stored cardholder data (if you are not developing software or have a website that you are developing, this may not be necessary) …

New PCI – Payment Card Industry Standards in 2019

Version 1.0 of the new Secure Software Requirements and Assessment Procedures was released in Jan 2019. So if you are developing software for the Payment Card Industry, either for an application on a website or for a retail location, you have a new framework and software requirements standard. Developing software to capture credit card information (and use …

Risk Analysis Gone Wrong?

Since a picture says a thousand words, here is an attempt at an explanation of Risk Analysis. The rows are “Impact on Environment”: none, minimal, minor, significant, major, critical. The columns are the “Likelihood” or “Likely – what is % to happen”: not likely, low, medium, medium-high, high, will happen. These are not “real” systems in …