After months of public consultation, Hong Kong is proposing an Unsolicited Electronic Messages Bill. The proposed bill has the following major features:

1. Enforce opt-out (one needs to check before sending)
2. Technology neutral (covers SMS, fax and email)
3. Prohibit address harvesting

Generally, the HK Government's effort is appreciated and the bill is comprehensive. There is one loophole, though, that the draft bill does not quite get. Under this bill, the government proposes to empower the Telecommunications Authority (TA) to set up "do-not-call registers", "which would be to facilitate recipients to opt out from receiving further commercial electronic messages from all electronic marketers and for senders of commercial electronic messages to ascertain the electronic addresses to which they should not send further commercial electronic messages unless they have specific consents." This kind of register is very likely to be abused by a malicious person to validate email address...
The Hong Kong district court heard a computer crime case on 18th June 2007. An African visitor had rented a flat and stole credit card numbers from his neighbor using wireless sniffing; he then used the credit card information to shop online. The charge was brought under HK Crime Ordinance Chapter 200 s116. More detailed information will be available when the judgment is posted online.

The 23-year-old defendant was caught because he had used his home address for online shopping and the police were able to trace the delivery records. His ignorance of fraud detection systems and of the traceability of online shopping transactions seems to suggest that he is not a professional criminal. There are lots of ways to use stolen credit card numbers; buying cash coupons and delivering to an unoccupied house's mailbox are common.

According to statistics, credit card fraud is increasing and cost 3 billion USD in 2006, up from 2.7 billion in 2005. Different measures (like adding chips or usi...
There are a few papers on the net that discuss how to divert and mitigate the damage caused by network attacks, in particular DDoS. Both papers describe a means to create a "black hole" on the network. One works at the network layer and one at the web server layer.

Cisco Black Hole Filtering
Cisco's paper explains how a specifically built infrastructure can help an ISP route malicious packets to a null interface (blackhole filtering).

Microsoft Beat Hackers At Their Own Game With A Hackerbasher Site
This paper uses the principle that all visitors must know my name. The method diverts incoming traffic that uses the IP address rather than the hostname.

These papers give a good illustration that security can be achieved by thoughtful design. All the tools and technology are available to everyone, or "built-in" as they call it. By designing well, we increase the effectiveness of our security investment.
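
The "all visitors must know my name" principle, sketched as an added example (this is not code from either paper or from the original post): a request is served only if its Host header carries a published name, and is diverted if it addresses the server by IP. The example goes slightly beyond the text by also diverting a missing Host header and unrecognized names. The hostnames, function names and sample values are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the names this server is published under (hypothetical).
KNOWN_HOSTS = {"www.example.com", "example.com"}


def split_host(header):
    """Split a Host header value into (host, port-or-None), lowercased."""
    value = header.strip().lower()
    if value.startswith("["):                 # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return value, None
        host, rest = value[1:end], value[end + 1:]
        return host, rest[1:] if rest.startswith(":") else None
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, port
    return value, None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def route(host_header):
    """Return 'serve' for visitors who used a published name, else 'divert'."""
    if not host_header or not host_header.strip():
        return "divert"                       # HTTP/1.0-style, no Host at all
    host, _port = split_host(host_header)
    host = host.rstrip(".")                   # tolerate trailing-dot FQDN
    if is_ip_literal(host):
        return "divert"                       # addressed by IP, not by name
    return "serve" if host in KNOWN_HOSTS else "divert"


# Constructed sample Host header values (not real traffic).
SAMPLES = ["www.example.com", "WWW.Example.com:80", "203.0.113.10",
           "203.0.113.10:8080", "[2001:db8::1]:80", "", "other.invalid",
           "example.com."]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:28} -> {route(h)}")
```

On a real web server the same decision is usually made by a default virtual host that catches every request not matching a named site.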