Penetration Testing mailing list archives
Re: Physical Security audit (PCI DSS)
From: Chris Campbell <chris () ctcampbell com>
Date: Mon, 7 Nov 2011 19:18:13 +0000
Why not just use req. 9 of PCI DSS which deals with physical security? On 7 Nov 2011, at 18:46, Justin Rogosky <jrogosky () gmail com> wrote:
Have you checked out the PTES? http://www.pentest-standard.org/index.php/Main_Page It isn't a checklist per se but it has a technical guide that gives you lots of ideas for use during a pen test. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines --Justin On Mon, Nov 7, 2011 at 4:54 AM, cribbar <crib.bar () hotmail co uk> wrote:Hey, Does anyone have a comprehensive audit program/checklist for physical security? I would want something that maps up to the PCI DSS standards (although this “data” doesn’t process payment data it is highly sensitive and thus meets the same security requirements). It isn’t a data centre we are auditing, more a physical centre that wipes our disks on our behalf. A few of the physical security audit programs I checked out through a Google search weren’t up to much. Any such programs that you use and would be willing to share would be great, right up to the policies, risk assessments, BIA, logs and physical controls. Many Thanks -- View this message in context: http://old.nabble.com/Physical-Security-audit-%28PCI-DSS%29-tp32788712p32788712.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Physical Security audit (PCI DSS) cribbar (Nov 07)
- Re: Physical Security audit (PCI DSS) Justin Rogosky (Nov 07)
- Re: Physical Security audit (PCI DSS) Ali-Reza Anghaie (Nov 07)
- Re: Physical Security audit (PCI DSS) Chris Campbell (Nov 07)
- Re: Physical Security audit (PCI DSS) Justin Rogosky (Nov 07)