Tag Archives: PCI

How to Audit User Access

How to Audit User AccessWhen checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:

  • Application ID
  • Application role or group
  • Membership in an local server group, Active Directory (AD) group, or UNIX Group
  • Access to the application’s share and/or folder on the server
  • Database ID
  • Database role, including access permissions (read/write)
  • Other permission (from a home-grown application code or enterprise identify management system)

Continue reading



Filed under Audit, How to..., Security, Technology

SANS Audit Checklists

The SANS Audit Advice and Resources* website has a free checklists section:

6 VMWare Settings Every IT Auditor Should Know About

5 Things Every IT Auditor Needs to Know About: SSH Configuration

Continue reading

Leave a comment

Filed under Audit, Security

Visa Yanks PCI Compliance of Processors

Dan Goodin reports that RBS WorldPay and Heartland Payment Systems are no longer considered Payment Card Industry (PCI) compliant by VISA. Both credit card payment processors had recent breaches.

Gartner analyst Avivah Litan, who tracks payment card security, said, “Retailers and other companies are not allowed to do business with processors that are not PCI compliant so this puts all of Heartland’s customers and all of RBS’s customers out of compliance,” she told The Register. “It’s nebulous, as most of PCI enforcement is.”

If you’re PCI compliant, it’s a good time to remind management that compliance isn’t the end of the road. Being compliant does not mean your security is ironclad; it means that you have taken some of the first steps forward. Don’t rest.

More on the PCI Data Security Standard.


Leave a comment

Filed under Security