Ericka Chickowski put together the following overview:
- Not Following Rule Of Least Privilege
- Ignoring Virtualization Compliance
- Failing To Change Vendor Default Configurations
- Failing To Properly Define Scope
- Fixating On Putting Things Out Of Scope
- Using Compensating Controls As A Crutch
- Bringing PA DSS-Certified Software Out Of Compliance
- Failing To Separate Duties
- Poorly Managing Encryption Keys
- Failing To Track Cardholder Data Flows
A similar overview is on the page PCI pitfalls for retailers:
- Faulty firewall installation or configuration
- Relying on vendor supplied defaults for system passwords
- Failing to utilize IPS to protect stored cardholder data
- Not encrypting transmission of cardholder data across open, public networks
- Failing to use and regularly update anti-virus software or programs
- Not maintaining secure systems and applications
- Providing access to cardholder data to those who do not need to know
- Forgetting to track and monitor all access to network resources and cardholder data
- Not having an information security policy