Evans Resource Group has been selected as General Business Deal Lead for AMS Sales by IBM. Stay Tuned.

Hello world!

Welcome to my Blog: WMQSecureNow!

A blog for CISOs, Compliance/Risk Officers, CIOs, WMQ or System Administrators, PCI Vendors, SOX Auditors and others who care about securing the middleware technology stack: IBM’s WebSphere MQ.

Did you know there are several reported breaches a day? Did you know that compliance initiatives are now focusing on WMQ as the likely attack vector for breaches like Hannaford and others? Did you know that auditors are NOT assessing WMQ? Why, you might ask… The penetration tests available to PCI, SOX and other assessors do not work with WMQ. WMQ is the de facto standard for systems integration software, with over 15,000 customers worldwide, and is embedded in all major WebSphere products such as WebSphere Application Server (WAS), Commerce and Portal, to name a few.

This blog will provide those with fiduciary responsibilities to protect networks, including CISOs, CIOs, and Risk and Compliance Officers, with the information needed to manage risk and ensure the availability, integrity and confidentiality of their ENTIRE network, not just the perimeter (applications and databases). It will provide Administrators of these systems with transparency into their role, best practices and tools to assess and remediate WMQ environments.

I will provide you with the latest security news for middleware, focusing on WMQ, along with best practices and tools to help you understand what it takes to secure a WMQ network.

If you are a PCI Vendor or SOX Auditor, this blog is for you too.  Savvis was sued for claiming their client was PCI Compliant prior to being hacked.  Merrick claims the hack cost it about $16 million in fraud losses paid to banks that issued the cards, as well as in legal fees and penalties it suffered for contracting with a non-compliant card processor. Merrick says Savvis “owes a duty of care” to audit companies and “breached its duty to competently and professionally assess CardSystems’ compliance.” 

Duty of care is a legal term and concept used to help determine liability in a court of law. If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent and liable if something bad takes place. It is this author’s opinion that this includes the system that sends transactional information between applications, databases and business partners.

Here’s to a secure future for all of us.  G-d bless.

Maryellen