Penetration Testing
Physical Security audit (PCI DSS) Nov 07 2011 09:54AM
cribbar (crib bar hotmail co uk) (1 replies)
Re: Physical Security audit (PCI DSS) Nov 07 2011 06:46PM
Justin Rogosky (jrogosky gmail com) (2 replies)
Re: Physical Security audit (PCI DSS) Nov 07 2011 07:18PM
Chris Campbell (chris ctcampbell com)
Why not just use req. 9 of PCI DSS which deals with physical security?

On 7 Nov 2011, at 18:46, Justin Rogosky <jrogosky (at) gmail (dot) com [email concealed]> wrote:

> Have you checked out the PTES?
> http://www.pentest-standard.org/index.php/Main_Page
>
> It isn't a checklist per se but it has a technical guide that gives
> you lots of ideas for use during a pen test.
> http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
>
> --Justin
>
> On Mon, Nov 7, 2011 at 4:54 AM, cribbar <crib.bar (at) hotmail.co (dot) uk [email concealed]> wrote:
>>
>> Hey,
>>
>> Does anyone have a comprehensive audit program/checklist for physical
>> security? I would want something that maps up to the PCI DSS standards
>> (although this "data" doesn't process payment data it is highly sensitive
>> and thus meets the same security requirements). It isn't a data centre we
>> are auditing, more a physical centre that wipes our disks on our behalf. A
>> few of the physical security audit programs I checked out through a Google
>> search weren't up to much. Any such programs that you use and would be
>> willing to share would be great, right up to the policies, risk assessments,
>> BIA, logs and physical controls.
>>
>> Many Thanks
>>
>> --
>> View this message in context: http://old.nabble.com/Physical-Security-audit-%28PCI-DSS%29-tp32788712p32788712.html
>> Sent from the Penetration Testing mailing list archive at Nabble.com.
>>
>>
>> ------------------------------------------------------------------------

>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

>>
>>
>

Re: Physical Security audit (PCI DSS) Nov 07 2011 07:10PM
Ali-Reza Anghaie (ali packetknife com)


 

Copyright 2010, SecurityFocus