PCI Compliance is here to stay:
Typically, IT managers dread the annual PCI assessment. With publicized credit card breaches on the rise, meeting PCI compliancy will be even more so of a requirement with potential increases in punitive actions for companies not meeting that compliancy. To add to the existing complexity of PCI DSS, with emerging threats of capabilities to breach corporate networks on a consistent basis, PCI requirements will remain in a perpetual state of change.
Topics: Ethical Hacking, Vulnerability Management, Compliance, Penetration Testing, Threat Management
What is PCI Compliance?
Topics: Managed Detection & Response, Information Security, Vulnerability Management, Compliance
In March 2015, the PCI Council released their Information Supplement for Penetration Testing Guidance. This is a fantastic move as previous guidelines were centered on the completion of penetration tests and left the methodology for completing those up to the auditor. With this guidance in place, we now have a clear definition to what qualifies as a penetration test in the eyes of the Council. There isn’t a need to rehash the document for you here, and I encourage everyone to read it. I would like to focus on a few key highlights that I’m happy to see added.
Topics: Ethical Hacking, Compliance, Penetration Testing