Independent Verification & Validation (IV&V)
Alaniz Consulting Group LLC (ACG) starts by performing an IV&V of the business. Why is this important? It sets a baseline and gives an accurate picture of the status of any business system and environment. It is a snapshot in time of that business, viewed through a cybersecurity lens. ACG 'ALWAYS' leads its process with an IV&V and then reports the results to Sr. Management and Business Owners.
A basic IV&V is a verification and validation activity performed on the business's cybersecurity system(s) and environment by an agency or security company that is not under the control of the business.
A process under the IV&V is a comprehensive review, analysis, and some testing of Hardware (HW) and Software (SW) performed by an objective third party like Alaniz Consulting Group LLC (ACG) to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the business system correctly implements the required functionality and security requirements.
ACG's Owner and President has performed numerous IV&Vs as a Consultant for Federal agencies like NASA, the IRS, and the Department of Defense (DoD). Our goal is to bring this type of analysis to the public. While NIST Federal agencies and DoD use the Risk Management Framework (RMF), the general public usually uses a Cybersecurity Framework (CSF), but in the end, the results work on both levels.
Most Common Cyber Threats that Impact Retailers:
- POS Systems Attacks
- Vulnerabilities in Supplier Systems
- In-Store and Corporate Threats
- Widespread reliance on Open-Source Software (SW)
- Insider Credit Card Theft
- Supply Chain Sabotage
- Data Breaches and Leaks (DAR/DAT)
- The variety of Connected Assets (IoT)
- 3rd Party Access to Business Systems
- Ransomware
- Insecure Web Apps and APIs
- Lack of Employee Cybersecurity Awareness
- E-Commerce Fraud
- E-Skimming
- Advanced Persistent Threats (APTs)
- Credential Stuffing and Sniffing
- Form-jacking (CSS/Injections)
- Website Cloning
- Denial of Service (DoS)
- Man-in-the-Middle (MitM)
- Automated Malware creation
- Proximity skimming on HIDs, etc.