How do you conduct your IT risk assessments? In a recent ControlScan customer survey, we asked IT leaders about risk assessments. Specifically, we wanted to know how often businesses are conducting them, as well as if they are doing so formally by using an external … Read more
Find an Experienced Penetration Tester Like most security testing services, the quality of service you get in a penetration testing engagement can vary tremendously from vendor to vendor. That’s because penetration testing is human-driven, relying upon the tester’s expertise and diligence. Evaluate Potential Providers Asking the … Read more
What happens when your employee is also your company’s penetration tester? One of your employees is a Certified Penetration Tester (CPT). Can the organization use this employee to perform its external and application penetration testing? Yes, the PCI DSS does allow companies to pen test themselves, … Read more
Effective July 1, 2015, businesses validating their compliance via PCI SAQ version C are required to undergo a penetration test for the very first time. Brick-and-mortar merchants with payment applications connected to the Internet (but that do not electronically store cardholder data) are subject to … Read more
2014 has been a year filled with news about breaches – big breaches – record breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT … Read more
Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable work around. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration … Read more