Security is such a big issue for us – for all of us. Getting the balance right between being able to operate and staying safe is an ongoing trick. It is a moveable feast.
There are some bad people out there in cyber-land. Security is everyone’s responsibility.
That is why I have chosen firebrick red. In my mind, that is what our firewalls should be made of. They keep us safe from the millions of attempted hacks every week. They are solid, reliable, dependable and as safe as houses.
We have two main compliance regimes to live up to: Public Services Network (PSN) and Payment Card Industry Data Security Standard (PCI DSS). There are times when acronyms are useful. We have been compliant with PSN for several years now, but PCI has been a more recent achievement.
Today I attended a PCI workshop at Sunderland Software Centre. I seem to spend a lot of time there. It is always about security as well. It was another event that Graham had organised and was well attended by technical and non-technical people from across the region. For me these kinds of events are what the North East ICT Managers group does best: sharing good practice, bringing in industry experts and creating connections between people.
A local company came in to tell us about how payment card security was a complex process yet followed common-sense flows and rules. There are ten groups of players but the main ones are the payment processor, payment systems and gateway services. It may not be rocket science, yet the PCI DSS has twelve requirements within six categories covering three hundred and twenty-five controls. It is a lot of work to achieve compliance and to remain up to date.
Apparently, clothing retailers are most vulnerable to successful attacks, while small organisations account for seventy-eight per cent of breaches.
One of the main lessons from the afternoon is to keep all of your software patched; otherwise it will be more than your face that will be firebrick red.