Why Penetration Tests are Critical for Accurately Assessing Security Risk

Published October 10, 2017 • Categories: Best Practices
Penetration tests look for vulnerabilities within various endpoints

How do you conduct your IT risk assessments? In a recent ControlScan customer survey, we asked IT leaders about risk assessments. Specifically, we wanted to know how often businesses are conducting them, as well as if they are doing so formally by using an external …

Penetration Testing: Ask the Right Questions Before You Sign

Published February 24, 2016 • Categories: Best Practices

Find an Experienced Penetration Tester: Like most security testing services, the quality of service you get in a penetration testing engagement can vary tremendously from vendor to vendor. That’s because penetration testing is human-driven, relying upon the tester’s expertise and diligence. Evaluate Potential Providers: Asking the …

Can an Employee Conduct Our Company’s Penetration Testing?

Published November 4, 2015 • Categories: Best Practices
The in-house penetration tester: Good or bad?

What happens when your employee is also your company’s penetration tester? One of your employees is a Certified Penetration Tester (CPT). Can the organization use this employee to perform its external and application penetration testing? Yes, the PCI DSS does allow companies to pen test themselves, …

Penetration Testing: What’s a small business to do?

Published July 29, 2015 • Categories: Industry Topics

Effective July 1, 2015, businesses validating their compliance via PCI SAQ version C are required to undergo a penetration test for the very first time. Brick-and-mortar merchants with payment applications connected to the Internet (but that do not electronically store cardholder data) are subject to …

Ready Your 3.0 SAQ Game Plan

Published December 17, 2014 • Categories: Best Practices

2014 has been a year filled with news about breaches – big breaches – record-breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT …

Is Penetration Testing Now a Must for My Business?

Published November 20, 2014 • Categories: Industry Topics

Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable workaround. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration …