For you IT type that have to endure the PCI audit, you know it's bit of a grind. However, this link shows that if you have someone that does not know what they are doing, it can be HELL.
http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants
This auditor really does not know what he is asking for, Also he does not know how passwords are stored securely (one way hash). His biggest fault is not understanding when he is wrong and doing the leg work to understand what people are telling him.
Enjoy.
Thursday, July 28, 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment