Requirement 11 – Resources

Requirement 11: Regularly test security systems and processes

Wireless testing
– Kismet, airmon, airodump
– www.visiwave.com

Wireless IDS / IPS
– http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/secwlandg20/wireless_ips.html
– http://www.sans.org/reading-room/whitepapers/detection/inexpensive-wireless-ids-kismet-openwrt-33103
– http://www.arubanetworks.com/

Sample Incident Response Plan
– https://cio.unm.edu/standards/docs/unm-pci-incident-response-plan-1306.pdf

Vulnerability scanning tools
– Nessus (www.tenable.com/)
– Qualys (www.qualys.com/)
– Nexpose (www.rapid7.com/products/nexpose/)

List of Approved Scanning Vendors (ASVs)
– https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php

Penetration testing methodology
– NIST SP800-115 – csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
– SANS – http://www.sans.org/reading-room/whitepapers/auditing/conducting-penetration-test-organization-67
