Tuesday, March 22, 2011

If it can happen to RSA, it can happen to anyone

The recent RSA breach, in which the SecurID algorithm was pilfered, is just another reminder to test and monitor your systems. Of course, it's impossible to protect every system against all attacks, but if your systems are compromised, you want to be able to demonstrate that you took reasonable precautions to ensure system integrity. I have a client who is currently going through PCI-compliance testing. This client is fairly sophisticated in terms of their understanding of IT, yet they were surprised at some of the vulnerabilities the compliance testing uncovered. Even if your organization doesn't accept credit cards, the PCI DSS compliance process provides a great way to test and harden your systems. PCI offers a free Self-Assessment Questionnaire to help you get started.
