Roger Vicker, CCP wrote:
Today I got a call from the GM that he wanted the entire share unsecured
so they could finish training with the vendor. He didn't care about
security/virus, just wanted it done NOW and worry about other things
later. The vendor told him they could secure everything from within
their application. The application only restricts users' use of programs.
Remember AS/400 menu security. :-D

First warning sign. They trust the vendor more than they trust you.

This is not a mom and pop business with just two or three users. It's
not a big one either but they have had a few employees that knew enough
to be dangerous but later got fired for other problems.

What I need, and am asking the list for, is some authoritative
documents/best practices to show the exposure the vendor is putting the
customer at risk of. The bigger the horror stories the better. Also,
standards that prove how easy (and long they have been around) it is to
have the application properly designed for security.


Your only ammunition is to remind them that many states, which began with California, now require the notification of every cardholder in that state if there is even a "chance" that their credit card information has been breached. I believe it is also the responsibility of the company to pay for credit monitoring services for each of these cardholders as well if there is a breach.

Bill


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work.