If there is one type of assessment that is not like the others, it is the physical penetration test. A physical penetration tests assesses the risk to your organization of an attacker physically breaking in. This blog will explore the physical penetration test, what questions it answers, what type of clients typically seek physical penetration […]
The term “Rules of Engagement” sounds intimidating the first time you hear it, but don’t be alarmed, it is meant to protect both you as the client and your penetration testers. The Rules of Engagement, or ROE, are meant to list out the specifics of your penetration testing project to ensure that both the client […]
Segmentation is not a requirement to meet PCI compliance. However, it is strongly recommended by the PCI Council as it can greatly reduce the cost, scope, and difficulty of meeting compliance. In this blog, we will explore these reasons a bit further and explain the importance of PCI segmentation. What is Segmentation? Segmentation, from a […]
Having performed numerous Reports on Compliance (ROC) for corporations and assisted a myriad of clients with their Self Assessment Questionnaire (SAQ), one thing is apparent to us: companies large and small are having difficulty determining PCI scope for their environment. This can have a profound impact on your compliance. Having the wrong scope can invalidate […]
Technically, no, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not specifically require penetration testing. But stick with me, because there are some important nuances to make note of here. While the act never specifically calls out vulnerability scans or penetration testing, there are a number of industry experts and standards organizations […]
We often get asked, “what is the typical timeline for a penetration test?” The projected schedule can often dictate the business decision around which penetration testing firm to ultimately go with. When you’re under a tight deadline, it’s helpful to get a better idea of what to expect when contracting for a penetration test. While […]
