Excerpt from:  IT Compliance
July 08, 2008

Tomatoes and Security

Similarities between the recent tomato incident and POS security

As I cooked this weekend, I reached into my refrigerator for some tomatoes. These were not home grown but store bought, and I had just finished reading a New York Times article about the potential for salmonella. I inspected the red round fruit and found them to be in perfect shape, with no bruises, cuts or punctures. I also washed them thoroughly and felt I could safely eat them. It's great that we are able to monitor and track these types of situations, but why can't there be better protection from them?

From the NY Times article: "No one knows whether food has gotten more dangerous or whether the growing number of outbreaks results from better surveillance, said Dr. Patricia Griffin, the chief of the disease centers’ enteric disease epidemiology branch. Both may be true, Dr. Griffin said."

The Payment Card Industry Data Security Standard (PCI DSS) is all about tracking and monitoring changes in the environment of payment card systems. However, I see many similarities from the tomato incident that also apply to point-of-sale (POS) security. Tracking and monitoring help to triage a situation, but it's not security. Some lessons learned that apply to both situations:

  1. Know what's running on your system. Put it under a microscope and identify only the applications necessary for the POS system - all others should be considered potentially harmful. Many threats hide themselves almost invisibly within the system files, very much like the bacteria on the infected tomatoes.
  2. Don't rely on others for critical functions. Don't assume the vendors, distributors or suppliers have deployed sanitized systems for your POS processing, but verify it for yourself. It may be packaged for convenience but always apply a second cleansing to ensure safety.
  3. Deploy technology that provides true protection - not just tracking and monitoring. PCI DSS is a guide for providing a baseline for operating practices; it is not a security method. Look for technology that goes beyond the PCI requirements and provides protection from future threats. My recommendation for POS security is Solidcore's S3 Control Embedded for lock-down. My recommendation for tomatoes is a portable UV Disinfector Home Scanner & Sterilizer.

Eat well!

Kim Singletary
Director of Embedded Solutions
ksingletary@solidcore.com
