Re: Physical Security audit (PCI DSS)



Why not just use req. 9 of PCI DSS which deals with physical security?



On 7 Nov 2011, at 18:46, Justin Rogosky <jrogosky@xxxxxxxxx> wrote:

Have you checked out the PTES?
http://www.pentest-standard.org/index.php/Main_Page

It isn't a checklist per se but it has a technical guide that gives
you lots of ideas for use during a pen test.
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines

--Justin

On Mon, Nov 7, 2011 at 4:54 AM, cribbar <crib.bar@xxxxxxxxxxxxx> wrote:

Hey,

Does anyone have a comprehensive audit program/checklist for physical
security? I would want something that maps up to the PCI DSS standards
(although this “data” doesn’t process payment data it is highly sensitive
and thus meets the same security requirements). It isn’t a data centre we
are auditing, more a physical centre that wipes our disks on our behalf. A
few of the physical security audit programs I checked out through a Google
search weren’t up to much. Any such programs that you use and would be
willing to share would be great, right up to the policies, risk assessments,
BIA, logs and physical controls.

Many Thanks

--
View this message in context: http://old.nabble.com/Physical-Security-audit-%28PCI-DSS%29-tp32788712p32788712.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





