- Financial Systems Databases,
- User Management Systems (Including Active Directory Domain server),
- Key Critical System (this is the system with the highest loss or damage value for the organisation).
Host-based IDS as a graph plotting changes over time
The worst industries are retail and property. In the case where there is a requirement for PCI-DSS to be met, I have ignored these altogether. I have seen 2 organisations that are compliant with PCI-DSS.
I have seen 45 organisations that have PCI-DSS requirements that need to be met. Of these, 2 met the compliance standards as they had minimal systems. On top of this, 2 organisations have filed that they are nowhere near meeting the standards and file as being non-compliant, but Visa has not yet done anything. A further 3 organisations have "lodged" with Visa/Mastercard and their banks that they are non-compliant but working on getting there and have an extension. 17 organisations have "fudged the results" and 6 have - well, let us just say misrepresented the truth.