How Important is Cybersecurity?

How much time should be spent on preventing future cybersecurity events? During this Beer Bug crisis we have learned that Information Technology is an “Essential” business (part of the CISA classification “Critical Infrastructure Workers”). Notice it is only “Information Technology” (or IT), not cybersecurity. Even though it would be good if your IT …

Why Are RCE Remote Code Execution Vulnerabilities Dangerous?

For example – Apache Tomcat is a type of web server, and certain versions have an RCE vulnerability: The above is at nsfocusglobal.com page… It highlights an RCE vulnerability from April 2019. So if the CGI servlet is not disabled, then a problem could arise. RCE (remote code execution) implies one can execute code …

Small Company Cybersecurity basics: PCI Compliance!

Yes, the small company cybersecurity basics are included in PCI (Payment Card Industry) compliance. There are 12 steps to compliance: firewall maintenance; change your default passwords (and create a password policy); protect stored cardholder data (if you are not developing software or have a website that you are developing – this may not be necessary) …

New PCI – Payment Card Industry Standards in 2019

A new Secure Software Requirements and Assessment Procedures standard, v1.0, was released in Jan 2019. So if you are developing software for the payment card industry, either for an application on a website or for a retail location, you have a new framework and software requirements standard. Developing software to capture credit card information (and use …