Penetration Testing mailing list archives
Re: Physical Security audit (PCI DSS)
From: Ali-Reza Anghaie <ali () packetknife com>
Date: Mon, 7 Nov 2011 14:10:28 -0500
The US DSS provides manuals like
http://www.dss.mil/seta/documents/self_inspect_handbook_nisp_08.pdf
that have portions and check-lists applicable to unclassified secured areas. You can find many like that on their site and Cryptome.

Cheers, -Ali

On Mon, Nov 7, 2011 at 13:46, Justin Rogosky <jrogosky () gmail com> wrote:
> Have you checked out the PTES?
> http://www.pentest-standard.org/index.php/Main_Page
>
> It isn't a checklist per se but it has a technical guide that gives you lots of ideas for use during a pen test.
> http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
>
> --Justin
>
> On Mon, Nov 7, 2011 at 4:54 AM, cribbar <crib.bar () hotmail co uk> wrote:
>> Hey,
>>
>> Does anyone have a comprehensive audit program/checklist for physical security? I would want something that maps up to the PCI DSS standards (although this “data” doesn’t process payment data it is highly sensitive and thus meets the same security requirements). It isn’t a data centre we are auditing, more a physical centre that wipes our disks on our behalf.
>>
>> A few of the physical security audit programs I checked out through a Google search weren’t up to much. Any such programs that you use and would be willing to share would be great, right up to the policies, risk assessments, BIA, logs and physical controls.
>>
>> Many Thanks
>>
>> --
>> View this message in context: http://old.nabble.com/Physical-Security-audit-%28PCI-DSS%29-tp32788712p32788712.html
>> Sent from the Penetration Testing mailing list archive at Nabble.com.
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------