WaGuns.org
https://www.waguns.org/

Compliance and Network Security
https://www.waguns.org/viewtopic.php?f=151&t=68217

Author:  leaferikson [ Wed Apr 27, 2016 6:37 pm ]
Post subject:  Compliance and Network Security

Noticed a post in the FFL area about a vendor working on PCI compliance for taking credit cards. I wanted to offer free consultation to any small FFL if they run into issues or have concerns regarding PCI compliance or security. I've been in this field for 10 years, and I'd love to help anyone that needs it.

Author:  Guntrader [ Wed Apr 27, 2016 6:49 pm ]
Post subject:  Re: Compliance and Network Security

Generous offer.
PCI compliance is a whole new can of worms for a lot of people.
I've had prospective clients bitching about why they couldn't download malware screensavers, store credit card numbers in plain text, and couldn't keep the same password they used for the past 8 years.

Author:  leaferikson [ Wed Apr 27, 2016 7:03 pm ]
Post subject:  Re: Compliance and Network Security

Guntrader wrote:
Generous offer.
PCI compliance is a whole new can of worms for a lot of people.
I've had prospective clients bitching about why they couldn't download malware screensavers, store credit card numbers in plain text, and couldn't keep the same password they used for the past 8 years.


My first day at a really well known company, IT told us "just use a pet's name and add the number one on the end, then when you have to update, you just make it two."

Author:  Guntrader [ Wed Apr 27, 2016 7:11 pm ]
Post subject:  Re: Compliance and Network Security

I have seen the 'increment by one' scheme, may have even been in literature from PCI.

My ex was a pension analyst for the Teamsters Trust.
They had to change passwords every two weeks, couldn't contain more than 7 characters from the last password, upper, lower, number, extended characters, etc.
So they just taped them to their monitors or desk.

Weakest link in infosec is always people.

Author:  leaferikson [ Wed Apr 27, 2016 7:12 pm ]
Post subject:  Re: Compliance and Network Security

Guntrader wrote:
I have seen the 'increment by one' scheme, may have even been in literature from PCI.

My ex was a pension analyst for the Teamsters Trust.
They had to change passwords every two weeks, couldn't contain more than 7 characters from the last password, upper, lower, number, extended characters, etc.
So they just taped them to their monitors or desk.

Weakest link in infosec is always people.


For sure, sometimes people forget the balance between productivity and security. Too Secure = No business

Author:  3584ELK [ Wed Apr 27, 2016 7:38 pm ]
Post subject:  Re: Compliance and Network Security

Very generous of you- for my business, I am going to run the SAQ again and see if I am compliant. Last time I was only one or two questions shy of the green light.

PCI compliance is far beyond password security in complexity, scope, and depth.

It has been an experience...

Author:  lunacite [ Wed Apr 27, 2016 10:07 pm ]
Post subject:  Re: Compliance and Network Security

It sucks having to make any services I offer ITAR compliant.

Author:  Col_Temp [ Sat May 25, 2019 11:49 am ]
Post subject:  Re: Compliance and Network Security

Are you looking or interested in working with other companies on this compliance?
I know it's a pain and some of my clients have been messing with it off and on. When it comes up again you have any desire to assist (for pay of course).

Author:  Massivedesign [ Sat May 25, 2019 12:35 pm ]
Post subject:  Re: Compliance and Network Security

Col_Temp wrote:
Are you looking or interested in working with other companies on this compliance?
I know it's a pain and some of my clients have been messing with it off and on. When it comes up again you have any desire to assist (for pay of course).


Paris... This was a 3 year old thread man... :bonghit:

Author:  Col_Temp [ Fri Jun 07, 2019 1:45 pm ]
Post subject:  Re: Compliance and Network Security

Massivedesign wrote:
Col_Temp wrote:
Are you looking or interested in working with other companies on this compliance?
I know it's a pain and some of my clients have been messing with it off and on. When it comes up again you have any desire to assist (for pay of course).


Paris... This was a 3 year old thread man... :bonghit:

:bigsmile: Yeah but I'm pretty sure he is still around....
I'll message him and see.

All times are UTC - 8 hours