Requirement 11 of the PCI DSS describes the need to regularly and frequently carry out tests to identify unaddressed security issues and scan for rogue wireless networks. Regular testing is fundamental to ensuring that an organisation is prepared for the full range of attacks that companies have to face.
IT Governance’s PCI compliance penetration tests aim to assess your security systems, public-facing devices and systems, databases and other systems that store, process or transmit cardholder data to discover your vulnerabilities before cyber criminals do.
Our penetration testing service will help you to determine whether and how a malicious user could gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data; and confirm that the controls required by the PCI DSS are in place and effective.
Once identified, all vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation.
PCI DSS Requirements 11.4.1 and 11.4.2 state that internal and external penetration testing must be performed at least annually and after any significant changes – for example, infrastructure or application upgrades or modifications, or after installing new system components. Requirement 11.4.5 requires penetration testing of network segmentation controls.
Many organisations do not regularly test the security controls governing their network and Internet-facing applications, which can leave vulnerabilities for criminal hackers to exploit, even though it is widely known that payment card data is usually the primary target in attacks against commercial environments.
Our penetration tests will help you: