SCAP Security Content Automation Process. Presentation för SIS
|
|
- Antony Cameron
- 8 years ago
- Views:
Transcription
1 SCAP Security Content Automation Process Presentation för SIS
2 About Nexus Consulting Technology Nexus, Grundad 1982, Produkter (PKI, kryptering, messaging) Konsulttjänster (informationssäkerhet) Nexus Consulting AB Stockholm och Linköping Fem fokusområden Business Assurance Decentralized Security Management Identity Management Technical Business Assurance PCI DSS Forensics
3 Tillbakablick 10 år Säkerhetsscanners SATAN, ISS, Cybercop Scanner Security Baselining COPS, Axent OmniGuard Systemen tävlade om att gnälla mest
4 SCAP och CVSS varför då? En titt på en granskningsrapport CVSS Base: 8 CVSS Temporal: 7,2 Mäta säkerhetsproblematik CVSS Inte bara mäta, utan också styra SCAP
5 Vilka är standarderna i SCAP? extensible Configuration Checklist Description Format Open Vulnerability and Assessment Language Common Vulnerability Scoring System Standard XML for specifying checklists and for reporting results of checklist evaluation Standard XML for testing procedures for security related software flaws, configuration issues, and patches as well as for reporting the results of the tests Standard for conveying and scoring the impact of vulnerabilities
6 Vilka är standarderna i SCAP? Common Vulnerabilities and Exposures Common Configuration Enumeration Common Platform Enumeration Standard identifiers and dictionary for security vulnerabilities related to software flaws Standard identifiers and dictionary for system configuration issues related to security Standard identifiers and dictionary for platform/product naming
7 <?xml version="1.0" encoding="utf-8"?> - <oval_definitions xsi:schemalocation=" windows-definitions-schema.xsd independent-definitions-schema.xsd oval-definitions-schema.xsd oval-common-schema.xsd" xmlns=" xmlns:xsi=" xmlns:oval=" xmlns:oval-def=" - <generator> <oval:product_name>the OVAL Repository</oval:product_name> <oval:schema_version>5.3</oval:schema_version> <oval:timestamp> t09:39: :00</oval:timestamp> </generator> - <definitions> - <definition id="oval:org.mitre.oval:def:2069" class="vulnerability" version="1"> - <metadata> <title>vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution</title> - <affected family="windows"> <platform>microsoft Windows 2000</platform> <platform>microsoft Windows XP</platform> <platform>microsoft Windows Server 2003</platform> <platform>microsoft Windows Vista</platform> <product>microsoft XML Core Services</product> </affected> <reference source="cve" ref_id="cve " ref_url=" /> <description>microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringdata method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.</description> - <oval_repository> - <dates> - <submitted date=" t09:28:35"> <contributor organization="threatguard, Inc.">Robert L. Hollis</contributor> </submitted> <status_change date=" t15:55: :00">draft</status_change> - <modified comment="set datatype to version for ste:3517" date=" t08:24: :00"> <contributor organization="opsware, Inc.">Jeff Cheng</contributor> - <modified comment="set datatype to version for ste:3181" date=" t08:24: :00"> <contributor organization="opsware, Inc.">Jeff Cheng</contributor> - <modified comment="set datatype to version for ste:3861" date=" t08:24: :00"> <contributor organization="opsware, Inc.">Jeff Cheng</contributor> - <modified comment="set datatype to version for ste:3240" date=" t08:24: :00"> <contributor organization="opsware, Inc.">Jeff Cheng</contributor> <status_change date=" t08:57: :00">interim</status_change> <status_change date=" t07:56: :00">accepted</status_change> - <modified comment="ste:3181 changed from to " date=" t19:55: :00"> <contributor organization="secure Elements, Inc.">Sudhir Gandhe</contributor> <status_change date=" t19:55: :00">interim</status_change> </dates> <status>interim</status> </oval_repository> </metadata> - <criteria operator="or"> - <criteria comment="windows OS" operator="and"> <criterion test_ref="oval:org.mitre.oval:tst:99" comment="the installed operating system is part of the Microsoft Windows family" /> <criterion test_ref="oval:org.mitre.oval:tst:4170" comment="the version of msxml3.dll is less than " /> - <criteria comment="office 2003/2007 and SharePoint" operator="and"> - <criteria operator="or"> <extend_definition comment="microsoft Office 2003 is installed" definition_ref="oval:org.mitre.oval:def:233" /> <extend_definition comment="microsoft Office 2007 is installed" definition_ref="oval:org.mitre.oval:def:1211" /> <criterion comment="sharepoint Team Services are enabled (2K, XP, 2003)" negate="false" test_ref="oval:org.mitre.oval:tst:2379" /> <criterion test_ref="oval:org.mitre.oval:tst:3622" comment="the version of msxml5.dll is less than " /> - <criteria comment="xml Core Services 4" operator="and"> <extend_definition comment="microsoft XML Core Services 4 is installed" definition_ref="oval:org.mitre.oval:def:1002" /> <criterion test_ref="oval:org.mitre.oval:tst:3938" comment="the version of Msxml4.dll is less than " negate="false" /> - <criteria comment="xml Core Services 6" operator="and"> <extend_definition comment="microsoft XML Core Services 6 is installed" definition_ref="oval:org.mitre.oval:def:454" /> <criterion test_ref="oval:org.mitre.oval:tst:3716" comment="the version of Msxml6.dll is less than " negate="false" /> </definition> - <definition id="oval:org.mitre.oval:def:454" version="1" class="inventory"> - <metadata> <title>microsoft XML Core Services 6 is installed</title> - <affected family="windows"> <platform>microsoft Windows 2000</platform> <platform>microsoft Windows XP</platform> <platform>microsoft Windows Server 2003</platform> </affected> <reference source="cpe" ref_id="cpe:/a:microsoft:xml_core_services:6" /> <description>microsoft XML Core Services 6 is installed.</description> - <oval_repository> - <dates> - <submitted date=" t05:29:41"> <contributor organization="threatguard, Inc.">Robert L. Hollis</contributor> </submitted> <status_change date=" t14:55: :00">draft</status_change> <status_change date=" t19:35: :00">interim</status_change> <status_change date=" t21:27: :00">accepted</status_change> </dates> <status>accepted</status> </oval_repository> </metadata> - <criteria> <criterion comment="microsoft XML Core Services 6 is installed" negate="false" test_ref="oval:org.mitre.oval:tst:182" /> </definition> - <definition id="oval:org.mitre.oval:def:233" version="2" class="inventory"> - <metadata> <title>microsoft Office 2003 is installed</title> - <affected family="windows"> <platform>microsoft Windows 2000</platform> <platform>microsoft Windows XP</platform> <platform>microsoft Windows Server 2003</platform> </affected> <reference source="cpe" ref_id="cpe:/a:microsoft:office:2003" /> <description>the application Microsoft Office 2003 is installed.</description> - <oval_repository> - <dates> - <submitted date=" t12:05:33"> <contributor organization="threatguard, Inc.">Robert L. Hollis</contributor> </submitted> <status_change date=" t09:15: :00">interim</status_change> <status_change date=" t09:15: :00">accepted</status_change> - <modified comment="added CPE reference." date=" t07:48: :00"> <contributor organization="the MITRE Corporation">Jonathan Baker</contributor> <status_change date=" t07:52: :00">interim</status_change> - <modified comment="corrected ste:449 to use a pattern match and allow a major version of 11 and not check for other version components. Implemented by Jon Baker of the MITRE Corporation." date=" t08:38: :00"> <contributor organization="patchlink Corporation">Ken Lassesen</contributor> <status_change date=" t15:05: :00">accepted</status_change> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< </dates> <status>accepted</status> </oval_repository> </metadata> - <criteria> <criterion comment="microsoft Office 2003 is installed" test_ref="oval:org.mitre.oval:tst:487" /> </definition> - <definition id="oval:org.mitre.oval:def:1211" version="2" class="inventory"> - <metadata> <title>microsoft Office 2007 is installed</title> - <affected family="windows"> <platform>microsoft Windows 2000</platform> <platform>microsoft Windows XP</platform> <platform>microsoft Windows Server 2003</platform> <platform>microsoft Windows Vista</platform> <product>microsoft Office 2007</product> </affected> <reference source="cpe" ref_id="cpe:/a:microsoft:office:2007" /> <description>the application Microsoft Office 2007 is installed.</description> - <oval_repository> - <dates> - <submitted date=" t09:15: :00"> <contributor organization="the MITRE Corporation">Jonathan Baker</contributor> </submitted> <status_change date=" t09:15: :00">draft</status_change> <status_change date=" t16:16: :00">interim</status_change> <status_change date=" t13:44: :00">accepted</status_change> - <modified comment="changed tst:3839 to check a different registry key to determine if Office 2007 is installed." date=" t21:24: :00"> <contributor organization="threatguard, Inc.">Robert L. Hollis</contributor> <status_change date=" t21:25: :00">interim</status_change> - <modified comment="corrected cpe name in reference." date=" t15:38: :00"> <contributor organization="the MITRE Corporation">Jonathan Baker</contributor> <status_change date=" t21:36: :00">accepted</status_change> </dates> <status>accepted</status> </oval_repository> </metadata> - <criteria> <criterion comment="microsoft Office 2007 is installed" test_ref="oval:org.mitre.oval:tst:3839" /> </definition> - <definition id="oval:org.mitre.oval:def:1002" version="1" class="inventory"> - <metadata> <title>microsoft XML Core Services 4 is installed</title> - <affected family="windows"> <platform>microsoft Windows 2000</platform> <platform>microsoft Windows XP</platform> <platform>microsoft Windows Server 2003</platform> </affected> <reference source="cpe" ref_id="cpe:/a:microsoft:xml_core_services:4" /> <description>microsoft XML Core Services 4 is installed.</description> - <oval_repository> - <dates> - <submitted date=" t05:29:41"> <contributor organization="threatguard, Inc.">Robert L. Hollis</contributor> </submitted> <status_change date=" t14:55: :00">draft</status_change> <status_change date=" t19:35: :00">interim</status_change> <status_change date=" t21:27: :00">accepted</status_change> </dates> <status>accepted</status> </oval_repository> </metadata> - <criteria> <criterion comment="microsoft XML Core Services 4 is installed" negate="false" test_ref="oval:org.mitre.oval:tst:30" /> </definition> </definitions> - <tests> - <file_test id="oval:org.mitre.oval:tst:182" version="1" check_existence="at_least_one_exists" check="at least one" comment="microsoft XML Core Services 6 is installed." xmlns=" <object object_ref="oval:org.mitre.oval:obj:190" /> </file_test> - <registry_test id="oval:org.mitre.oval:tst:487" version="2" comment="microsoft Office 2003 is installed" check_existence="at_least_one_exists" check="at least one" xmlns=" <object object_ref="oval:org.mitre.oval:obj:418" /> <state state_ref="oval:org.mitre.oval:ste:449" /> </registry_test> - <registry_test id="oval:org.mitre.oval:tst:3839" version="2" check_existence="at_least_one_exists" check="at least one" comment="microsoft Office 2007 is installed" xmlns=" <object object_ref="oval:org.mitre.oval:obj:1826" /> <state state_ref="oval:org.mitre.oval:ste:3218" /> </registry_test> - <file_test id="oval:org.mitre.oval:tst:30" version="1" check_existence="at_least_one_exists" check="at least one" comment="microsoft XML Core Services 4 is installed." xmlns=" <object object_ref="oval:org.mitre.oval:obj:191" /> </file_test> - <family_test id="oval:org.mitre.oval:tst:99" version="1" comment="the installed operating system is part of the Microsoft Windows family" check_existence="at_least_one_exists" check="only one" xmlns=" <object object_ref="oval:org.mitre.oval:obj:99" /> <state state_ref="oval:org.mitre.oval:ste:99" /> </family_test> - <file_test id="oval:org.mitre.oval:tst:4170" version="2" check="at least one" comment="the version of Msxml3.dll is less than " check_existence="at_least_one_exists" xmlns=" <object object_ref="oval:org.mitre.oval:obj:3" /> <state state_ref="oval:org.mitre.oval:ste:3517" /> </file_test> - <file_test id="oval:org.mitre.oval:tst:3938" version="3" check="at least one" comment="the version of Msxml4.dll is less than " check_existence="at_least_one_exists" xmlns=" <object object_ref="oval:org.mitre.oval:obj:191" /> <state state_ref="oval:org.mitre.oval:ste:3181" /> </file_test> - <file_test id="oval:org.mitre.oval:tst:3716" version="2" check="at least one" comment="the version of Msxml6.dll is less than " check_existence="at_least_one_exists" xmlns=" <object object_ref="oval:org.mitre.oval:obj:190" /> <state state_ref="oval:org.mitre.oval:ste:3861" /> </file_test> - <file_test id="oval:org.mitre.oval:tst:3622" version="2" check="at least one" comment="the version of Msxml5.dll is less than " check_existence="at_least_one_exists" xmlns=" <object object_ref="oval:org.mitre.oval:obj:47" /> <state state_ref="oval:org.mitre.oval:ste:3240" /> </file_test> - <registry_test id="oval:org.mitre.oval:tst:2379" version="1" check="at least one" comment="sharepoint Team Services are enabled (2K, XP, 2003)" check_existence="at_least_one_exists" xmlns=" <object object_ref="oval:org.mitre.oval:obj:1361" /> <state state_ref="oval:org.mitre.oval:ste:2228" /> </registry_test> </tests> - <objects> - <registry_object id="oval:org.mitre.oval:obj:418" version="1" xmlns=" <hive>hkey_local_machine</hive> <key>software\microsoft\windows\currentversion\uninstall\{ d3-8cfe c9}</key> <name>displayversion</name> </registry_object> - <registry_object id="oval:org.mitre.oval:obj:1826" version="0" xmlns=" <hive>hkey_local_machine</hive> <key>software\microsoft\office\12.0\common\installroot</key> <name>installcount</name> </registry_object> <family_object id="oval:org.mitre.oval:obj:99" version="1" comment="this is the default family object. Only one family object should exist." xmlns=" /> - <file_object id="oval:org.mitre.oval:obj:3" version="1" xmlns=" <path var_ref="oval:org.mitre.oval:var:200" /> <filename>msxml3.dll</filename> </file_object> - <file_object id="oval:org.mitre.oval:obj:191" version="1" xmlns=" <path var_ref="oval:org.mitre.oval:var:200" /> <filename>msxml4.dll</filename> </file_object> - <file_object id="oval:org.mitre.oval:obj:190" version="1" xmlns=" <path var_ref="oval:org.mitre.oval:var:200" /> <filename>msxml6.dll</filename> </file_object> - <file_object id="oval:org.mitre.oval:obj:47" version="1" xmlns=" <path var_ref="oval:org.mitre.oval:var:200" /> <filename>msxml5.dll</filename> </file_object> - <registry_object id="oval:org.mitre.oval:obj:219" version="1" comment="this registry key identifies the system root." xmlns=" <hive>hkey_local_machine</hive> <key>software\microsoft\windows NT\CurrentVersion</key> <name>systemroot</name> </registry_object> - <registry_object id="oval:org.mitre.oval:obj:1361" version="1" xmlns=" <hive>hkey_local_machine</hive> <key operation="equals">software\microsoft\shared Tools\Web Server Extensions\Setup Packages</key> <name operation="equals">sharepoint</name> </registry_object> </objects> - <states> - <registry_state id="oval:org.mitre.oval:ste:449" version="2" xmlns=" <value operation="pattern match">^11\..+</value> </registry_state> - <registry_state id="oval:org.mitre.oval:ste:3218" version="0" xmlns=" <value datatype="int" operation="greater than">0</value> </registry_state> - <family_state id="oval:org.mitre.oval:ste:99" version="1" comment="microsoft Windows family" xmlns=" <family>windows</family> </family_state> - <file_state id="oval:org.mitre.oval:ste:3517" version="2" xmlns=" <version operation="less than" datatype="version"> </version> </file_state> - <file_state id="oval:org.mitre.oval:ste:3181" version="3" xmlns=" <version operation="less than" datatype="version"> </version> </file_state> - <file_state id="oval:org.mitre.oval:ste:3861" version="2" xmlns=" <version operation="less than" datatype="version"> </version> </file_state> - <file_state id="oval:org.mitre.oval:ste:3240" version="2" xmlns=" <version operation="less than" datatype="version"> </version> </file_state> - <registry_state id="oval:org.mitre.oval:ste:2228" version="1" xmlns=" <value operation="equals">installed</value> </registry_state> </states> - <variables> - <local_variable id="oval:org.mitre.oval:var:200" version="1" comment="windows system 32 directory" datatype="string"> - <concat> <object_component item_field="value" object_ref="oval:org.mitre.oval:obj:219" /> <literal_component>\system32</literal_component> </concat> </local_variable> </variables> </oval_definitions><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< OVAL
8 CVSS potential for loss of life, The physical greaterassets, the proportion productivity of vulnerable or systems, revenue. the higher the score Limited/serious/catastrophic adverse effect on organization/individuals Unproven, of of concept, Official functional, Fix, Temporary high Fix, (=no Workaround, Unconfirmed, Local, Adjacent exploit needed), Unavailable, Network, Not Not defined Uncorroborated, DefinedConfirmed, Network High, Medium, Not defined Low Multiple, Single, None None, Partial, Complete
9 CVSS värdering av sårbarheter Low severity CVSS base score 0,0-3,9 Medium severity CVSS base score 4,0-6,9 High severity CVSS base score 7,0-10,0.
10 Sammanfattning SCAP Security Content Automation Process För en specifik plattform Common Platform Enumeration (CPE)..kan man lista identifierade sårbarheter Common Vulnerabilities and Exposures (CVE)..och säkerhetsmässigt rekommenderad konfiguration Common Configuration Enumeration (CCE) Sårbarheter kan graderas Common Vulnerability Scoring System (CVSS) och man avgör om den existerar i egen miljö genom Open Vulnerability and Assessment Language (OVAL) och åtgärdar den genom Extensible Configuration Checklist Description Format (XCCDF)
11 What s in it for me? Lokalt, eller över nätverk? Granska eller åtgärda? Vilken SCAP-profil? Rapportering?
12 Ett varningens finger. Sårbarhetsberoenden: Om Apache 2.0.xx körs tillsammans med Tomcat 5.0.yy uppstår sårbarheten xyz Apache är välpatchad och rätt konfigurerad Tomcat är välpatchad och rätt konfigurerad False Positives är erkänt svåra att hantera.
13 Vad behöver parterna göra? Systemleverantörer Skapa SCAP-beskrivningar av sina produkter Göra det möjligt att acceptera SCAPautomatiserade konfigurationer Communities, organisationer, Skapa OVAL-beskrivningar för nyupptäckta sårbarheter, integrera i verktyg Skapa XCCDF-checklistor Slutanvändaren Välja/implementera checklistor (med förnuft!) Mäta hur CVSS-talet går ned i den egna organisationen
14 Summa Summarum Vad mäts? Teknisk motståndskraft mot angrepp Varför mäts det? Ger stark möjlighet att skapa uppfattning om trender i säkerhetsförvaltningen Ger möjlighet att grovt uppskatta ett systems motståndskraft mot angrepp Ger möjlighet att skapa mål för säkerhetsinnehållet i systemadministrationen För vem mäts det? Systemägare, CSO, CIO, informationsägare
15 Länktips National Vulnerability Database CVSS OVAL
How To Use A Policy Auditor 6.2.2 (Macafee) To Check For Security Issues
Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of
More informationBMC Client Management - SCAP Implementation Statement. Version 12.0
BMC Client Management - SCAP Implementation Statement Version 12.0 BMC Client Management - SCAP Implementation Statement TOC 3 Contents SCAP Implementation Statement... 4 4 BMC Client Management - SCAP
More informationFederal Desktop Core Configuration (FDCC)
Federal Desktop Core Configuration (FDCC) Presented by: Saji Ranasinghe Date: October, 2007 FDCC Federal Desktop Core Configuration (FDCC) Standardized Configuration with Hardened Security Settings to
More informationSCAP for VoIP Automating Configuration Compliance. 6 th Annual IT Security Automation Conference
SCAP for VoIP Automating Configuration Compliance 6 th Annual IT Security Automation Conference Presentation Overview 1. The Business Challenge 2. Securing Voice over IP Networks 3. The ISA VoIP Security
More informationFDCC & SCAP Content Challenges. Kent Landfield Director, Risk and Compliance Security Research McAfee Labs
FDCC & SCAP Content Challenges Kent Landfield Director, Risk and Compliance Security Research McAfee Labs Where we have been 1 st Security Automation Workshop nearly 20 people in a small room for the day
More informationMicrosoft + SOA = Sant? Joakim Linghall Principal System Engineer SOA and Business Process joakiml@microsoft.com
Microsoft + SOA = Sant? Joakim Linghall Principal System Engineer SOA and Business Process joakiml@microsoft.com Agenda Real World SOA En plattform för SOA ESB SOA Governance Exempel Lite om framtiden
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationPCI Vulnerability Validation Report
Friday, March 9, 013 PCI Vulnerability Validation Report Introduction This report shows the results of a vulnerability validation tests conducted by CORE Impact Professional Professional in support of
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationSAS Data Integration SAS Business Intelligence
Kursöversikt 2010 SAS Education Providing knowledge through global training and certification SAS Data Integration SAS Business Intelligence Specialkurser SAS Forum 2010 Kontaktinformation Stora Frösunda
More informationPenetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015
For the Financial Industry in Singapore 31 July 2015 TABLE OF CONTENT 1. EXECUTIVE SUMMARY 3 2. INTRODUCTION 4 2.1 Audience 4 2.2 Purpose and Scope 4 2.3 Definitions 4 3. REQUIREMENTS 6 3.1 Overview 6
More informationSecurity Content Automation Protocol for Governance, Risk, Compliance, and Audit
UNCLASSIFIED Security Content Automation Protocol for Governance, Risk, Compliance, and Audit presented by: Tim Grance The National Institute of Standards and Technology UNCLASSIFIED Agenda NIST s IT Security
More informationSecurity compliance automation with Red Hat Satellite
Security compliance automation with Red Hat Satellite Matt Micene Solution Architect, DLT Solutions @cleverbeard @nzwulfin Created with http://wordle.net Compliance is a major problem About half of the
More informationElektronikavfall. Thomas Lindhqvist IIIEE Lund University. 18 February 2009
Elektronikavfall Thomas Lindhqvist IIIEE Lund University 18 February 2009 Elektronik och miljö Problem? Livscykeltänkande Elektronikavfall kopplat till livscykeln W hat is e- w aste ( W EEE)? Varför elektronikavfall?
More informationQ: What is CVSS? Q: Who developed CVSS?
CVSS FAQ Q: What is CVSS? Q: Who developed CVSS? Q: What does CVSS not do? Q: What is involved in CVSS? Q: What are the details of the Base Metrics? Q: What are the details of the Temporal Metrics? Q:
More informationEnterprise Software Management Systems by Using Security Metrics
Enterprise Software Management Systems by Using Security Metrics Bhanudas S. Panchabhai 1, A. N. Patil 2 1 Department of Computer Science, R. C. Patel Arts, Commerce and Science College, Shirpur, Maharashtra,
More informationStrategisk planering, Aktiv demokrati, 6-8 jan 2012
Strategisk planering, Aktiv demokrati, 6-8 jan 2012 Följande är förslag till workshopen under AD konferensen för att på ett systematiskt sätt diskutera vad AD är, vill och hur vi skall förverkliga dem.
More informationSecstate: Flexible Lockdown, Auditing, and Remediation
Secstate: Flexible Lockdown, Auditing, and Remediation Certifiable Linux Integration Project Tresys Technology Karl MacMillan Topics Secstate Overview Sample session illustrating
More informationIntroduktion till SAS 9 Plattformen Helikopterkursen
Introduktion till SAS 9 Plattformen Helikopterkursen Kursens mål: Denna kurs/workshop ger dig en samlad överblick över den nye SAS 9 Intelligenta Plattformen. Denna dag är en bra start för att förstå SAS
More informationMaximizing customer protections
Maximizing customer protections 8 7 Vista XP XP end of support 8 XP 7 Vista XP What is the risk of continuing to run XP? Attackers will have the advantage over defenders After support ends, when Microsoft
More informationSTIGs,, SCAP and Data Metrics
Defense Information Systems Agency A Combat Support Agency STIGs,, SCAP and Data Metrics Roger S. Greenwell, CISSP, CISA, CISM Technical Director / Capabilities Implementation Division DISA Field Security
More informationAutomating Compliance with Security Content Automation Protocol
Automating Compliance with Security Content Automation Protocol presented by: National Institute of Standards and Technology Agenda Information Security Current State Security Content Automation Protocol
More informationCommon Result Format (CRF ) Specification Version 0.3 Jon Baker Andrew Buttner Todd Wittbold The MITRE Corporation
Common Result Format (CRF ) Specification Version 0.3 Jon Baker Andrew Buttner Todd Wittbold The MITRE Corporation Introduction...3 2 Use Cases...3 3 Related Preexisting Formats...3 3. XCCDF Results Format...3
More informationContinuous security audit automation with Spacewalk, Puppet, Mcollective and SCAP
Continuous security audit automation with Spacewalk, Puppet, Mcollective and SCAP Vasileios A. Baousis (Ph.D) Network Applications Team Slide 1 Agenda Introduction Background - SCAP - Puppet &Mcollective
More information6. Exercise: Writing Security Advisories
CERT Exercises Toolset 49 49 6. Exercise: Writing Security Advisories Main Objective Targeted Audience Total Duration Time Schedule Frequency The objective of the exercise is to provide a practical overview
More informationBizTalk 2013, Hands on, IaaS, Paas - Hybridbaserade integrationslösningar med BizTalk lokalt och/eller i molnet
BizTalk 2013, Hands on, IaaS, Paas - Hybridbaserade integrationslösningar med BizTalk lokalt och/eller i molnet Detta seminarium fokuserar på att visa nyheterna och möjligheterna för köra BizTalk 2013
More informationASV Scan Report Attestation of Scan Compliance
ASV Scan Report Attestation of Scan Compliance Scan Customer Information Company: David S. Marcus, Ph. D Approved Scanning Vendor Information Company: ComplyGuard Networks Contact: Contact: Support Tel:
More informationStatus Update. Jon Baker September 28, 2010
Status Update Jon Baker September 28, 2010 HS SEDI is a trademark of the U.S. Department of Homeland Security (DHS). OVAL Overview An international, information security, community standard to promote
More informationHow I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security
How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security PART 1 - COMPLIANCE STANDARDS PART 2 SECURITY IMPACT THEMES BUILD A MODEL THEMES MONITOR FOR FAILURE THEMES DEMONSTRATE
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Technical and Operational Requirements for Approved Scanning Vendors (ASVs) Version 1.1 Release: September 2006 Table of Contents Introduction...1-1 Naming
More informationMassively Scaled Security Solutions for Massively Scaled IT
Massively Scaled Security Solutions for Massively Scaled IT Michael Smith, SecTor 2009 Who is Michael Smith? 8 years active duty army Graduate of Russian basic course, Defense Language Institute, Monterey,
More informationChung-Huang Yang Kaohsiung Normal University, Taiwan http://security.nknu.edu.tw/ November 24th, 2015 @ Central South University
Chung-Huang Yang Kaohsiung Normal University, Taiwan http://security.nknu.edu.tw/ November 24th, 2015 @ Central South University Outline Introduction Digital Forensics for Mobile Devices Configuration
More informationSoftware Vulnerability Assessment
Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled
More informationCDM Vulnerability Management (VUL) Capability
CDM Vulnerability Management (VUL) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Vulnerability Management Continuous Diagnostics and Mitigation
More informationA Complete Guide to the Common Vulnerability Scoring System Version 2.0
A Complete Guide to the Common Vulnerability Scoring System Version 2.0 June, 2007 Peter Mell, Karen Scarfone National Institute of Standards Sasha Romanosky Carnegie Mellon University and Technology Acknowledgements:
More informationMore Repeatable Vulnerability Assessment An introduction
Försvarets Materielverk/CSEC 2008 Document ID CB-039 Issue 0.4 More Repeatable Vulnerability Assessment An introduction Helén Svensson 1 Section Agenda Background Introduction to the following aspects
More informationSAS Education Providing knowledge through global training and certification. SAS Foundation. Kursöversikt 2010
Kursöversikt 2010 SAS Education Providing knowledge through global training and certification SAS Foundation SAS Forum 2010 och specialkurser SAS Master Class Kontaktinformation Stora Frösunda Gård Box
More informationGuide to Enterprise Patch Management Technologies
NIST Special Publication 800-40 Revision 3 Guide to Enterprise Patch Management Technologies Murugiah Souppaya Karen Scarfone C O M P U T E R S E C U R I T Y NIST Special Publication 800-40 Revision 3
More informationMcAfee Vulnerability Manager 7.0.2
McAfee Vulnerability Manager 7.0.2 The McAfee Vulnerability Manager 7.0.2 quarterly release adds features to the product without having to wait for the next major release. This technical note contains
More informationSecurity Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc.
Security Vulnerabilities in Open Source Java Libraries Patrycja Wegrzynowicz CTO, Yonita, Inc. About Me Programmer at heart Researcher in mind Speaker with passion Entrepreneur by need @yonlabs Agenda
More informationKINAR13h, KINLO13h. The marking period is, for the most part, 15 working days, otherwise it s the following date:
Materialplanering och Styrning 7.5 ECTS Ladokcode: The exam is given to: 41I29M KININ13h, KININ13h1, KINAF13h-pgrp3, KINAF13h-pgrp4, KINAR13h, KINLO13h ExamCode: Date of exam: 2016-01-12 Time: 14:00 18:00
More informationEnhancing Security for Next Generation Networks and Cloud Computing
V1.0 Enhancing Security for Next Generation Networks and Cloud Computing Tony Rutkowski Yaana Technologies Georgia Tech ITU-T Q.4/17 Rapporteur ETSI Workshop 19-20 January 2011 Sophia Antipolis, France
More informationScrum Kandidatprojekt datateknik - TDDD83
14-23- 1 Agenda Scrum Kandidatprojekt datateknik - TDDD83 Vad är scrum? Hur fungerar det? Hur ska scrum användas i kursen? Aseel Berglund IDA Agile Approaches - Agile Alliance Lightweight approaches to
More informationAnge om en aktivitet har medfört att en tjänsteresa har utförts med flyg under 2013, och i sådana fall antal gånger.
Institutionen för lingvistik - Survey of travel at SU for 2013 Answer Count: 16 Ange om en aktivitet har medfört att en tjänsteresa har utförts med flyg under 2013, och i sådana fall antal gånger. Specify
More informationMicrosoft SQL Server 2012: Designing Buisness Intelligence Solutions
Microsoft SQL Server 2012: Designing Buisness Intelligence s Längd: 5 Days Kurskod: M20467 Version: A Sammanfattning: Denna 5-dagarskurs lär dig hur du designar och implementerar en BI-Infrastruktur. Kursen
More informationICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17
ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int
More informationAppSentry Application and Database Security Auditing
AppSentry Application and Database Security Auditing May 2014 Stephen Kost Chief Technology Officer Integrigy Corporation About Integrigy ERP Applications Oracle E-Business Suite Databases Oracle and Microsoft
More informationSecurity Information and Event Management
Security Information and Event Management sponsored by: ISSA Web Conference April 26, 2011 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Phillip H. Griffin ISSA
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationWEBINAR 5:E MARS 2013. Allt du skulle vilja veta om Marketing Automation men inte kunnat fråga om
WEBINAR 5:E MARS 2013 Allt du skulle vilja veta om Marketing Automation men inte kunnat fråga om Välkomna! Erik Garsten Footstep Marketing Guest speaker Jim Meyer Vice President and General Manager etrigue
More informationSCAP Compliance Checker Version 3.1 for Windows February 12, 2012
SCAP Compliance Checker Version 3.1 for Windows February 12, 2012 Developed by: Space and Naval Warfare (SPAWAR) Systems Center Atlantic P.O. Box 190022 North Charleston, SC 29419-9022 ssc_lant-scc@navy.mil
More informationA Vulnerability Assessment Tool based on OVAL in Linux System
A Vulnerability Assessment Tool based on OVAL in Linux System Youngmi Kwon 1, Hui Jae Lee 2, Geuk Lee 3 1 Dept. of InfoCom, Chungnam National University, Daejeon, South Korea ymkwon@cnu.ac.kr 2 Dept. of
More informationVRDA Vulnerability Response Decision Assistance
VRDA Vulnerability Response Decision Assistance Art Manion CERT/CC Yurie Ito JPCERT/CC EC2ND 2007 2007 Carnegie Mellon University VRDA Rationale and Design 2 Problems Duplication of effort Over 8,000 vulnerability
More informationApplying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT)
NIST Interagency Report 7800 (Draft) Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT) David Waltermire, Adam Halbardier,
More informationAn Approach to Vulnerability Management, Configuration Management, and Technical Policy Compliance
An Approach to Vulnerability Management, Configuration Management, and Technical Policy Compliance Presented by: John Banghart, Booz Allen Hamilton SCAP Validation Project Lead Thoughts on Current State
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationManagement (CSM) Capability
CDM Configuration Settings Management (CSM) Capability Department of Homeland Security National Cyber Security Division Federal Network Security Network & Infrastructure Security Table of Contents 1 PURPOSE
More informationRepetition inför tentan. Kommunikation. Infrastruktur. ÖP 13-17 Inga hjälpmedel. v v v
Repetition inför tentan v v v ÖP 13-17 Inga hjälpmedel Kommunikation Infrastruktur 1 Skalbarhet När det inte går bra Organisation 2 Illvilja Repetition inför tentan Tentan hur kommer den att bli? 13-17
More information3gamma Från traditionell IT-leverans till modern, processtyrd tjänsteleverans i en multi-sourcing miljö. Peter Wahlgren, September 2013
3gamma Från traditionell IT-leverans till modern, processtyrd tjänsteleverans i en multi-sourcing miljö Peter Wahlgren, September 2013 Vem är Peter Wahlgren? VD & Konsult på 3gamma sedan 2008 AstraZeneca
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Capture Link Server V1.00 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationAnvänd SAS för att bearbeta och analysera ditt data i Hadoop
make connections share ideas be inspired Använd SAS för att bearbeta och analysera ditt data i Hadoop Mikael Turvall Arkitektur SAS VISUAL ANALYTICS and SAS VISUAL STATISTICS SAS IN-MEMORY STATISTICS FOR
More informationEFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA
EFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA Paul R. Lazarr, CISSP, CISA, CIPP, CRISK Sr. Managing Consultant, IBM Cybersecurity and Biometrics January 21, 2016 PERSONAL BACKGROUND
More informationInterface Programmera mot interface Johan Eliasson Johan Eliasson Interface kan bryta beroendekedjor Skriv generell kod «Type» Class2 Interface
Interface Snabba att implementera Programmera mot interface Bryter beroenden Gör det enklare att samarbeta Gör det enkelt att i ett senare skede byta ut implementationer mot effektivare Interface kan bryta
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationNCIRC Security Tools NIAPC Submission Summary Harris STAT Scanner
NCIRC Security Tools NIAPC Submission Summary Harris STAT Scanner Document Reference: Security Tools Internal NIAPC Submission NIAPC Category: Vulnerability Scanning Date Approved for Submission: 24-04-2007
More informationComputer animations in physical chemistry. Kim Bolton School of Engineering, University College of Borås, SE-501 90, Borås
Computer animations in physical chemistry Kim Bolton School of Engineering, University College of Borås, SE-501 90, Borås Introduction The immense increase in computational power, variety of computer-based
More informationVet du redan nu att du vill studera på Emirates Academy kan du fylla i ansökan nedan och skicka till KILROY.
ANSÖKAN Emirates Academy Undergraduate KILROY education hjälper dig med ansökan till Emirates Academy. Vi ger dig information om kurser, antagningskrav, terminsavgifter, CSN, boendemöjligheter och visum.
More informationAn Enterprise Continuous Monitoring Technical Reference Architecture
An Enterprise Continuous Monitoring Technical Reference Architecture 12/14/2010 Presenter: Peter Mell Senior Computer Scientist National Institute of Standards and Technology http://twitter.com/petermmell
More informationCPNI TECHNICAL NOTE 04/2008 VULNERABILITY ASSESSMENT TOOLS
CPNI TECHNICAL NOTE 04/2008 VULNERABILITY ASSESSMENT TOOLS DECEMBER 2008 CPNI would like to acknowledge and thank NCC for their help in the preparation of this report. Disclaimer: Reference to any specific
More informationIntroduction to OVAL: A new language to determine the presence of software vulnerabilities
Introduction to OVAL: A new language to determine the presence of software vulnerabilities Matthew Wojcik / Tiffany Bergeron / Robert Roberge November 2003 The MITRE Corporation Table of Contents Introduction
More informationDECISION/BESLUT 2003-09-30
DECISION/BESLUT 2003-09-30 Ärendenr. 23. Sökande/Complainant IT Butikken A/S, Danmark Motpart/Respondent Shoppingsajterna Svenska AB, 556577-2547, Önsvala Gård, 245 93 Staffanstorp Saken/The Matter Alternativt
More informationWeb application vulnerability statistics for 2010-2011
Web application vulnerability statistics for 2010-2011 SERGEY GORDEYCHIK DMITRY EVTEEV ALEXANDER ZAITSEV DENIS BARANOV SERGEY SCHERBEL ANNA BELIMOVA GLEB GRITSAI YURI GOLTSEV TIMUR YUNUSOV ILYA KRUPENKO
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More informationTowards security management in the cloud utilizing SECaaS
Towards security management in the cloud utilizing SECaaS JAN MÉSZÁROS University of Economics, Prague Department of Information Technologies W. Churchill Sq. 4, 130 67 Prague 3 CZECH REPUBLIC jan.meszaros@vse.cz
More informationSecurity Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems
IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy
More informationSecurity Vulnerabilities and Patches Explained IT Security Bulletin for the Government of Canada
Security Vulnerabilities and Patches Explained IT Security Bulletin for the Government of Canada ITSB-96 Last Updated: March 2015 1 Introduction Patching operating systems and applications is one of the
More informationQualys PC/SCAP Auditor
Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS
More informationSample Vulnerability Management Policy
Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director
More informationON ATTACK GRAPH MODEL OF NETWORK SECURITY. Hasmik Sahakyan, Daryoush Alipour
26 ON ATTACK GRAPH MODEL OF NETWORK SECURITY Hasmik Sahakyan, Daryoush Alipour Abstract: All types of network systems are subject to computer attacks. The overall security of a network cannot be determined
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationMobil data hetare än någonsin.
Mobil data hetare än någonsin. Peter Jerhamre, Systems Engineer 2010 Cisco and/or its affiliates. All rights reserved. 1 2010 Cisco and/or its affiliates. All rights reserved. 2 60% Ifrågasätter kontorets
More informationManage Vulnerabilities (VULN) Capability Data Sheet
Manage Vulnerabilities (VULN) Capability Data Sheet Desired State: - Software products installed on all devices are free of known vulnerabilities 1 - The list of known vulnerabilities is up-to-date Desired
More informationINFORMATION SECURITY TESTING
INFORMATION SECURITY TESTING SERVICE DESCRIPTION Penetration testing identifies potential weaknesses in a technical infrastructure and provides a level of assurance in the security of that infrastructure.
More informationMartin Holmgren Vice President Fleet Management Cramo Group +46706276860
Martin Holmgren Vice President Fleet Management Cramo Group +46706276860 Utskifting hvor langt kan man strekke seg? - når k-punktet er passert bakkerekord eller knall og fall? Utskifting hvor langt kan
More informationD. Best Practices D.2. Administration The 6 th A
Best Practices I&C School Prof. P. Janson September 2014 D. Best Practices D.2. Administration The 6 th A 1 of 26 The previous section described how to improve IT security through use of better development
More informationCar Customer Service. SFK Väst, January 2016, Måns Falk, mfalk, Security Class; Proprietary 2016-01-21
Car Customer Service SFK Väst, January 2016, Måns Falk, mfalk, Security Class; Proprietary 2016-01-21 1 Lean SERVICE En upptäcktsresa Måns Falk Volvo Car Customer Service Customer Service Lean Knowledge
More informationARF, ARCAT, and Summary Results. Lt Col Joseph L. Wolfkiel
ARF, ARCAT, and Summary Results Lt Col Joseph L. Wolfkiel Enterprise-Level Assessment and Reporting The Concept Assessment Results Format (ARF) Assessment Summary Results (ASR) The Assessment Results Consumer
More informationA Study of Failure Development in Thick Thermal Barrier Coatings. Karin Carlsson
A Study of Failure Development in Thick Thermal Barrier Coatings Karin Carlsson LITH-IEI-TEK--07/00236--SE Examensarbete Institutionen för ekonomisk och industriell utveckling Examensarbete LITH-IEI-TEK--07/00236--SE
More informationPayment Card Industry (PCI) Executive Report 08/04/2014
Payment Card Industry (PCI) Executive Report 08/04/2014 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: A.B. Yazamut Company: Qualys
More informationContinuous Monitoring
Continuous Monitoring The Evolution of FISMA Compliance Tina Kuligowski Tina.Kuligowski@Securible.com Overview Evolution of FISMA Compliance NIST Standards & Guidelines (SP 800-37r1, 800-53) OMB Memorandums
More informationSAST, DAST and Vulnerability Assessments, 1+1+1 = 4
SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 Gordon MacKay Digital Defense, Inc. Chris Wysopal Veracode Session ID: Session Classification: ASEC-W25 Intermediate AGENDA Risk Management Challenges
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationIntelligent Vulnerability Management The Art of Prioritizing Remediation. Phone Conference
Intelligent Vulnerability Management The Art of Prioritizing Remediation An IANS Interactive Phone Conference SUMMARY OF FINDINGS F e b r u a ry 2010 Context Joel Scambray shared IANS point of view on
More informationWHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
More informationQuantitative Security Risk Analysis of Enterprise Systems: Techniques and Challenges Tutorial ICISS, December 2014
Quantitative Security Risk Analysis of Enterprise Systems: Techniques and Challenges Tutorial ICISS, December 2014 Anoop Singhal Computer Security Division National Institute of Standards and Technology
More informationOnline Compliance Program for PCI
Appendix F Online Compliance Program for PCI Service Description for PCI Compliance Monitors 1. General Introduction... 3 2. Online Compliance Program... 4 2.1 Introduction... 4 2.2 Portal Access... 4
More information