Virtualisation Security – An Auditors Perspective

Dr David Ross from Bridge Point presented this paper to the CACS confernece in April 2011.  The paper discusses the pitfalls and possible solutions to information systems security in virtualised environments. The paper focuses on the issues with compliance and audit against the Payment Card Industry Data Security Standard for the security cardholder data and the systems of the cardholder data environment when virtualisation technologies are introduced.

The pros and cons of various virtualisation technologies are discussed and possible solutions illustrated.