The Treasury Institute is focused on PCI compliance for colleges and universities.
The blog is written by Gene Willacker, "the PCI Compliance Officer for Michigan State University (MSU)".
Gene has compiled a great list of PCI DSS 3.0 information in his blog.
The link is [here]
This is a blog on obtaining the Payment Card Industry Professional (PCIP) certification.
Sunday, September 22, 2013
Saturday, September 21, 2013
Study Material - Some web explanations
Sometimes it helps to get a second explanation or description of things. Here are some:
Requirements 1.1.3, 1.3.1, 1.3.2, 1.3.4 DMZ
http://searchsecurity.techtarget.com/definition/DMZ
Requirement 1.3.6 Stateful Inspection
http://kb.kerio.com/product/kerio-control/firewall-packet-filtering/what-is-stateful-packet-inspection-429.html
Requirement 1.3.8 Network Address Translation (NAT)
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml
Requirement 1.3.8 Proxy Servers
http://whatismyipaddress.com/proxy-server
Requirement 2.1, 2.1.1 Simple Network Management Protocol (SNMP)
http://compnetworking.about.com/od/networkprotocols/g/snmp-management-protocol.htm
Requirement 2.1.1 Wired Equivalent Privacy (WEP)
Note: WEP is broken and is not considered secure; PCI DSS prohibits its use as a security control on wireless networks in the cardholder data environment.
http://searchsecurity.techtarget.com/definition/Wired-Equivalent-Privacy
Requirement 2.1.1 Wi-Fi Protected Access version 2 (WPA2)
http://www.computerworld.com/s/article/9002706/Tutorial_How_to_set_up_WPA2_on_your_wireless_network_
Requirement 2.2 Industry accepted standard organizations
Center for Internet Security (CIS)
http://www.cisecurity.org/
International Organization for Standardization (ISO)
http://www.iso.org/iso/home.html
SysAdmin, Audit, Network, Security (SANS)
http://www.sans.org/
National Institute of Standards and Technology (NIST)
http://www.nist.gov/
Requirement 2.2.1 Domain Name System (DNS)
http://www.howstuffworks.com/dns.htm
Requirement 2.2 Secure Shell (SSH)
https://kimmo.suominen.com/docs/ssh/
Requirement 2.2 Secure File Transfer Protocol (S-FTP, i.e. SFTP, file transfer over SSH; not to be confused with FTPS, which is FTP over SSL/TLS)
http://kb.iu.edu/data/akqg.html
Requirement 2.2 Secure Sockets Layer (SSL)
Note: All versions of SSL are now deprecated; TLS 1.2 or later is what "strong cryptography" means in practice today.
https://www.ssllabs.com/projects/rating-guide/
Requirement 2.2 Internet Protocol Security (IPsec)
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml#intro
Requirement 6.5.7 Cross Site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
Requirement 6.5.9 Cross Site Request Forgery (CSRF)
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
Requirement 12.3.2 Token
http://searchsecurity.techtarget.com/definition/security-token
Tuesday, September 17, 2013
Study Material - SDLC
The Systems Development Life Cycle (SDLC) is a commonly used methodology for creating applications and systems.
The SDLC steps vary depending on who you talk to, but they usually involve most of the same phases: initiation/planning, analysis, design, development/testing, implementation, and maintenance/support.
PCI DSS requirement 6.3 addresses secure application development: software must be developed in accordance with PCI DSS and industry best practices, with information security incorporated throughout the life cycle. This is commonly called a secure SDLC ("S-SDLC").
Microsoft has some useful information showing how security should be integrated into each phase of software development [HERE]