I was recently asked by one of my clients going through a PCI compliance assessment if they were a merchant or a service provider. Sounds like a simple question. So, let’s dig deeper. The PCI Security Standards Council (SSC) defines a merchant this way: For the purposes of the PCI DSS, a merchant is defined…
Month: October 2020
The Inevitability of Cloud
Cloud is here to stay. There are no two ways about it. The question to ask is whether or not you are ready for it. Here’s a quick primer on how to stay on top of your cloud game – Build your cloud skills – if you want to be in the fast lane on your…
Best Practices on OCI Part 3: Logging & Monitoring
Here are some key recommendations for configuring logging and monitoring on Oracle Cloud Infrastructure – Ensure audit log retention period is set to 365 days – Log retention controls how long activity logs should be retained. Studies have shown that the Mean Time to Detect (MTTD) a cyber breach is anywhere from 30 days in some sectors to up…
Best Practices on OCI Part 2: Network
Here are some key recommendations for configuring your virtual network on Oracle Cloud Infrastructure – Ensure no security lists or network security groups allow ingress from 0.0.0.0/0 to port 22 – Removing unfettered connectivity to remote console services, such as Secure Shell (SSH), reduces a server’s exposure to risk. Ensure no security lists or network security groups…
Best Practices on OCI Part 1: IAM
Here are some key recommendations for Identity and Access Management on Oracle Cloud Infrastructure – Ensure service level admins are created to manage resources of particular service – Creating service-level administrators helps in tightly controlling access to Oracle Cloud Infrastructure (OCI) services to implement the least-privileged security principle. Ensure permissions on all resources are given only to…