
All Questions

1 vote
1 answer
140 views

Monitoring User (developer) interaction

I'm looking for a "tamper proof" way, if there is such a thing, to monitor what a developer/engineer does on a given system. To expand a bit more about this, we have several systems that run ...
codingbunny
1 vote
1 answer
529 views

PCI Compliance Scan & Globalscape EFT Web App Cookies Not Marked Secure

I have a situation where we are performing external PCI compliance scans against our Globalscape EFT server. The scan is reporting: HTTP (443/tcp) - Web Application Cookies Not Marked Secure Per our ...
Lee
  • 31
1 vote
2 answers
731 views

PCI DSS for web servers not storing credit card info

I plan on deploying our new company website to a dedicated server through a hosting provider. I will personally maintain the server with the exception of dealing with the physical hardware. The ...
AirmanAJK
2 votes
2 answers
347 views

PCI audits, TLS 1.0, and scoring

I'm new to security in a variety of ways. We have a PCI audit coming up soon. We've put together a risk mitigation/migration plan for TLS 1.0 and have submitted it to the auditors. My boss is ...
XtinaS
  • 33
3 votes
2 answers
343 views

Can Windows 8 be PCI compliant?

I am in the process of getting PCI. I am in the last step in which I would need a secure PC on my internal network. All the scans I must run are only available through a plugin in browsers for Windows ...
ackuser
  • 159
5 votes
4 answers
942 views

What is the job of an IT auditor?

I am going through training in information security. As a part of the course they included compliance standards like: PCI DSS, ISO 27001-2005, COBIT framework. So after searching over Google, I came to ...
user31079
1 vote
1 answer
249 views

How does a PCI QSA audit a company?

Corporate setups are often complex with data centers in multiple locations, complex ACLs and networks set up between them. How does a PCI auditor actually audit the systems? How does he get to know ...
Novice User
  • 2,118
0 votes
1 answer
248 views

PCI onsite QSA Audit Review

Has anyone had any success using video recordings from ObserveIT during a PCI onsite QSA audit review? We are scheduled to be audited in a few months and are considering adding ObserveIT to ...
user10596
2 votes
3 answers
1k views

What is the best way to get a third party audit done of website security?

I have a website that needs to be PCI compliant. I have coded it using the guidelines but to be safe I wanted to get a third party audit done where this individual who runs an IT security firm and ...
Sam Khan
  • 165
3 votes
3 answers
6k views

Any place where I can find some template or base documents for IT/Infosec Compliance?

We're facing an audit and we are sorely lacking in documentation regarding information security policies. I've done some Googling and have been surprised by the difficulty of finding a good "template" ...
tacos_tacos_tacos