On 12/11/2009 3:37 PM, Bill arranged the binary bits such that:
Roger Vicker, CCP wrote:

Today I got a call from the GM that he wanted the entire share unsecured
so they could finish training with the vendor. He didn't care about
security/virus, just wanted it done NOW and worry about other things
later. The vendor told him they could secure everything from within
their application. The application only restricts users use of programs.
Remember AS/400 menu security. :-D


First warning sign. They trust the vendor more than they trust you.


Not exactly. He did say we would look at re-securing the folder later.
He was just in a big hurry as the trainers were going to leave and the
users didn't know nearly enough yet.
This is not a mom and pop business with just two or three users. It's
not a big one either, but they have had a few employees who knew enough
to be dangerous but were later fired for other problems.



What I need, and am asking the list for, is some authoritative
documents/best practices to show the exposure the vendor is putting the
customer at risk of. The bigger the horror stories the better. Also,
standards that prove how easy (and long they have been around) it is to
have the application properly designed for security.



Your only ammunition is to remind them that many states, beginning
with California, now require the notification of every cardholder in
that state if there is even a "chance" that their credit card
information has been breached. I believe it is also the responsibility
of the company to pay for credit monitoring services for each of these
cardholders as well if there is a breach.


Been there. Although there is an argument that they aren't in "doing
business in those states" and just send a few bills to absentee
landlords there so aren't included. Yeah right! That is why the old (in-house)
version has encryption and the keys backed up completely separately.

Roger
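
The thread's practical point is that an application that only restricts
which menus or programs a user may run does nothing once the underlying
share is opened up: anyone who can map the share can read or alter the
data files directly. The script below is an added example, not something
posted in this thread, that audits a Windows share for exactly that
condition. The share name and path are hypothetical placeholders; it is
assumed to run with administrative rights on the file server, and the
share-level check relies on the SmbShare module (Windows Server 2012 or
later).

```powershell
# Added example (not from the thread): find NTFS and share-level entries that let
# broad groups write to an application share, i.e. the "entire share unsecured"
# state described above. Share name and path are hypothetical placeholders.
param(
    [string]$ShareName = 'APPDATA',            # hypothetical share name
    [string]$Path      = 'D:\Shares\APPDATA'   # hypothetical local path behind the share
)

# Identities that effectively mean "anyone who can log on to this server"
$BroadIdentities = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
# Rights that allow changing or deleting the application's data files
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete'

function Test-BroadIdentity([string]$Identity) {
    foreach ($b in $BroadIdentities) { if ($Identity -like "*$b") { return $true } }
    # A DOMAIN\Domain Users grant is just as broad inside the company
    return $Identity -like '*\Domain Users'
}

$findings = @()

# 1. NTFS permissions on the folder itself
$acl = Get-Acl -Path $Path
foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $grantsWrite = ($ace.FileSystemRights -band $WriteRights) -ne 0
    if ($grantsWrite -and (Test-BroadIdentity $ace.IdentityReference.Value)) {
        $findings += [pscustomobject]@{
            Layer     = 'NTFS'
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# 2. Share-level permissions (skipped if the SmbShare module is not available)
if (Get-Command Get-SmbShareAccess -ErrorAction SilentlyContinue) {
    foreach ($entry in Get-SmbShareAccess -Name $ShareName) {
        if ($entry.AccessControlType -eq 'Allow' -and $entry.AccessRight -ne 'Read' -and
            (Test-BroadIdentity $entry.AccountName)) {
            $findings += [pscustomobject]@{
                Layer     = 'Share'
                Identity  = $entry.AccountName
                Rights    = $entry.AccessRight
                Inherited = $false
            }
        }
    }
}

if ($findings.Count -eq 0) {
    "No broad write access found on $ShareName ($Path)."
} else {
    "Broad write access found: anyone with a login to this server can bypass the application's menu security."
    $findings | Format-Table -AutoSize
    # Suggested remediation (not executed here): swap the broad entry for a group scoped
    # to the application's actual users, e.g.
    #   icacls $Path /remove:g "Everyone" /grant "DOMAIN\AppUsers:(OI)(CI)M" /inheritance:e
}
```

Both layers matter: the effective right is the more restrictive of the
share permission and the NTFS permission, so an "Everyone: Full" share
entry is harmless only while the NTFS ACL underneath stays tight, which is
precisely what was given away in the situation described.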



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.