Home page logo

basics logo Security Basics mailing list archives

RE: PCI, EFS and the future?
From: "7thangel" <7thangel () powernet co uk>
Date: Tue, 20 Feb 2007 09:52:12 GMT

Hi Guys,

sorry for the late input on this one, but with regards to
PCI compliance I would recommend looking at the Cyber-Ark
Vaulting solution as it cover many of the issues raised with
this compliance standard along with the others and are
already the largest player in this market space.



3.4.1 If disk encryption is used (rather than file- or
column-level >Database encryption), logical access must be
managed >independently of native operating system access
control >mechanisms (for example, by not using local
system or Active >Directory accounts).

Decryption keys must not be tied to user accounts.
The wording suggests this applies to databases. Not file

How does it suggest that?  This is about encrypting data,
not the containers data might be found in.

This message has been comprehensively scanned for viruses,
please visit http://www.avg.power.net.uk/ for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]