controlgap.com

Posts about: humour

Non-Compliance Lesson No. 3: Don't upgrade or patch your old stuff

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

  • Don't upgrade your end-of-life software; it's fine. After all, it's not like you won't be able to upgrade overnight when a zero-day gets published. Besides, the vendor's sure to provide a patch.
  • Don't patch those pesky medium- and high-risk items on internal networks. It's not like an intruder will try to move laterally through your network.
  • Ignore those network and security appliances. You didn't install the OS, and who ever heard of firmware vulnerabilities?
  • You're only doing this for a PCI checkbox, your assessor may not notice, and it isn't like you should be worried about ransomware.
  • Sleep better at night: it's run fine for years, and just look at all the time, money, and effort you saved.

Non-Compliance Lesson No. 2: Outsource your payments/security and don't read the fine print

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

  • Assume you can outsource your accountability for security and compliance.
  • Assume your service provider does everything for you, and don't confirm your responsibilities.
  • Change service providers to save money.
  • Act surprised when your assessor asks you for your scans, pen-tests, code reviews, patching records, etc.
  • Exercise your right-to-audit clause (if you have one) and include your service providers inside your annual assessment, at your cost.
  • Due diligence and preparation are just too boring.

A Misadventure on THE AIRLINE THAT SHALL NOT BE NAMED

Whether you embrace or eschew the label of Road Warrior, if you've traveled extensively for business then you have experienced the trials and tribulations of that lifestyle. Your limits have been tested and your plans ruined. In the end you can get angry or get over it. Last week, one of our own had just such a day. The account below represents one person's determined attempt not to let it get to him. It is based on a true story, albeit viewed through the coloured lenses of frustration, joviality and a really twisted sense of humour. The names have been changed to protect the guilty and also to avoid any GDPR entanglements.