Resources | Opportunities | Direction
(Industry Leading Certifications)
Technical Publications /
Security Research / Best Practice
CDE scoping, including identifying and defining where payment cards are stored, is critical for compliance. The following free and low-cost tools can be used to search your networks and systems for payment card data:
Organizations are required to implement file-integrity monitoring tools that alert employees to unauthorized modifications of critical system, configuration, and content files. The following free file integrity monitoring tools can be used for this requirement:
- OWASP Top 10 Project: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- Samurai WTF: http://www.samurai-wtf.org/
Organizations may want to implement intrusion-detection systems (IDS) and/or intrusion-prevention systems (IPS) to monitor all traffic at the perimeter of the data environment (DE) and at critical points inside the DE. The following free IDS/IPS tools can be used for this requirement:
Network monitoring tools can be used to ensure that NIST-required controls and process (e.g. SSH, SLL) are correctly running. The following free network monitoring tools are often seen by Coalfire during PCI assessments:
Organizations should regularly detect and identify wireless access points (WAPs) within their environments. The following free and low-cost tools can be used to detect and identify WAPs:
- Wireless netview: http://www.nirsoft.net/utils/wireless_network_view.html
- Kismet: http://www.kismetwireless.net
- Inssider Office: http://www.metageek.net/products/inssider-office
- Xirrus Wi-Fi Inspector (NOW CAMBIUM): https://www.cambiumnetworks.com/xirrus/
Industry Leading Organizations & Certifications
In today's competitive industry, having a certification and clear direction for your career path will help a cybersecurity professional stand out to highlight their knowledge base.
As a cybersecurity professional, there is a need to work with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.
Technical Publications & Security Research
In a climate where technology is constantly evolving, research and articles can help keep a cybersecurity professional up-to-date. The following publications are targeted for IT staff such as best practice guides and security research.
SP 800-53 Rev. 5
Security and Privacy Controls for Information Systems and Organizations