Roger Vicker, CCP wrote:
Not exactly. He did say we would look at re-securing the folder later.
Today I got a call from the GM that he wanted the entire share unsecured
so they could finish training with the vendor. He didn't care about
security/virus, just wanted it done NOW and worry about other things
later. The vendor told him they could secure everything from within
their application. The application only restricts users' use of programs.
Remember AS/400 menu security. :-D
First warning sign. They trust the vendor more than they trust you.
Been there. Although there is an argument that they aren't in "doing
This is not a mom and pop business with just two or three users. It's
not a big one either but they have had a few employees that knew enough
to be dangerous but later got fired for other problems.
What I need, and am asking the list for, is some authoritative
documents/best practices to show the exposure the vendor is putting the
customer at risk of. The bigger the horror stories the better. Also,
standards that prove how easy (and long they have been around) it is to
have the application properly designed for security.
Your only ammunition is to remind them that many states, which began
with California, now require the notification of every cardholder in
that state if there is even a "chance" that their credit card
information has been breached. I believe it is also the responsibility
of the company to pay for credit monitoring services for each of these
cardholders as well if there is a breach.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.