The term “Rules of Engagement” sounds intimidating the first time you hear it, but don’t be alarmed, it is meant to protect both you as the client and your penetration testers. The Rules of Engagement, or ROE, are meant to list out the specifics of your penetration testing project to ensure that both the client […]
Segmentation is not a requirement to meet PCI compliance. However, it is strongly recommended by the PCI Council as it can greatly reduce the cost, scope, and difficulty of meeting compliance. In this blog, we will explore these reasons a bit further and explain the importance of PCI segmentation. What is Segmentation? Segmentation, from a […]
Having performed numerous Reports on Compliance (ROC) for corporations and assisted a myriad of clients with their Self Assessment Questionnaire (SAQ), one thing is apparent to us: companies large and small are having difficulty determining PCI scope for their environment. This can have a profound impact on your compliance. Having the wrong scope can invalidate […]
Technically, no, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not specifically require penetration testing. But stick with me, because there are some important nuances to make note of here. While the act never specifically calls out vulnerability scans or penetration testing, there are a number of industry experts and standards organizations […]
We often get asked, “what is the typical timeline for a penetration test?” The projected schedule can often dictate the business decision around which penetration testing firm to ultimately go with. When you’re under a tight deadline, it’s helpful to get a better idea of what to expect when contracting for a penetration test. While […]
Among the security testing that PCI DSS v3.2 requires is external penetration testing. External penetration testing is becoming a regular part of security practitioner’s vocabularies, with seemingly every security standard requiring it and any mature security program identifying its importance. The requirements surrounding a PCI external penetration test have some specific nuances that are worth […]
