by gruturo
2955 days ago
> I mean, can you actually convince execs it's a good idea, no matter how charismatic you are? As a citizen, an engineer, and a consumer I think software and infrastructure security needs to be taken much more seriously due to how much breaches hurt people.

On SWIFT, yes, you can, thanks to their own reply to the Bangladesh incident: a reasonably thorough set of security guidelines called CSP/CSCF (Customer Security Program/Control Framework), compliance to which is now mandatory. Network isolation, 2-factor authentication, secure VDI for access, physical access controls, log retention, it's all in there. It's the perfect chance to get money and people from management and sanitize the situation. Actually if in May 2018 you don't already have a running project and resources for compliance, you should be quite worried.
https://www2.swift.com/uhbonline/books/a2z/customer_security...
Is there an openly published version of this? It would be interesting to see what best practice looked like.