The Canada Emergency Response Benefit (CERB) is the financial support from the Government of Canada for Canadians who are directly affected by COVID-19. The Canada Revenue Agency (CRA) is responsible for managing applications and payments for the CERB to Canadians. As of August 30, 2020, the CRA received 24.
There are several compliance frameworks these days that organizations have to implement for different reasons. I still see many organizations that struggle with all these frameworks. Each framework usually has an impressive set of objectives and controls. Does an organization have to process credit card information?
Multi-factor authentication (MFA) is generally available these days with popular services such as Facebook, Google, and Amazon. Even more traditional industries, such as banks, are slowly doing the same. A good mention here for my previous employer, a credit union, that implemented multi-factor authentication around 2019.
As always, I was not really active for the last few months or even the last year. At least, I had a good reason this time. I was kind of busy writing my essay for the master’s degree. I began a graduate degree in September 2013 with a specialization in IT governance, audit, and security at Université de Sherbrooke.
Well, I should definitely work on my master’s essay but I thought it could be a good time to update my website. Again. Less than 2 months after the previous version… WordPress to Hugo Framework: WordPress is certainly the most popular blog platform.
I finally obtained the Certified Information Systems Security Professional (CISSP) certification. It is definitely the most well-known certification in the information security industry and the one recommended for any professionals in this field. What is the CISSP? It is not necessarily the most technical or specialized certification.
You finally decided to use cloud services for your organization? Great! There are definitely many advantages. Your objective was also to outsource the security to the provider? Sorry, not quite. The security of your information will always be your own responsibility.
We trust cloud services to keep our data secure. But we don’t always think about the impact in the event that the service has some downtime. Even less so in a situation where the provider decides to disable the service.
PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. It is in fact the Payment Card Industry Data Security Standard (PCI DSS) governed by the PCI Security Standards Council (PCI SSC) founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa.
More and more organizations are interested in a penetration test, or simply a “pentest”, on their infrastructure. However, it requires specific skills, and this expertise is often not available within most organizations. It is also a good idea to have an external opinion, someone who will be impartial and doesn’t know too much about the current configuration.
In August 2014, I published a post about my experience with the CISA exam and the required experience. Even 3 years later, it is still the most popular post here and not so long ago, I was always seeing more requests after the exam dates.
Many cloud providers are often criticized for the security provided with object storage services. Even more so after the disclosures of private information that occurred in 2017 through the use of these services. These security breaches also involved well-known organizations such as Verizon, Accenture, Booz Allen Hamilton, Viacom, National Security Agency, National Credit Federation, Australian Broadcasting Corporation, Department of Defense, Republican National Committee, etc.