Ever wonder how companies get away with selling dirt cheap penetration tests? Odds are they are outsourcing the work to offshore engineers in other countries. I’m sure there are some great penetration testing companies that are using offshore resources and I know there are great companies that are headquartered in places besides the United States, […]
Today we’re going to tackle a consistent issue we see with companies trying to meet and maintain PCI compliance, creating evidence. When we talk about creating evidence for compliance purposes, we’re really talking about all the different ways you are proving that you are compliant. For example, it’s great that you tell me as an […]
No one likes to talk about documentation. And for good reason, it’s boring, tedious, and generally doesn’t accomplish any of your tasks or goals, it’s just ancillary support work. When it comes to PCI Compliance though, the more thorough your documentation is the easier your QSA onsite assessment will be or the more honestly you’ll […]
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, […]
PCI’s new Secure Software Lifecycle (SLC) assessment standard has been released. This new Secure SLC standard, released alongside the Software Security Framework (SSF) that we’ll talk about in a separate blog, provides a framework for assessing how payment software vendors develop and maintain secure payment software. Similar to the current Merchant and Service Provider PCI […]
Today’s QSA tip has the potential to save you a lot of time, effort, and cost associated with getting your organization into compliance with the PCI Data Security Standard (DSS). Triaxiom Security is a PCI QSA certified company who performs audits on a myriad of organizations trying to meet PCI standards. From large organizations who […]
There are several phases of a security incident that are important, but first and foremost, the identification that an incident occurred is your first opportunity to gather information and understand what is going on. It’s helpful to have a checklist that employees are aware of to take down some initial information that can help your […]
One of the questions we get most when at hiring events, conferences, trade shows, etc. is how can someone get into penetration testing or break into the industry as a penetration tester? There are many avenues to becoming a penetration tester, but today we will touch on a few strategies to help get your foot […]
In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]
As penetration testing continues to grow in popularity and more companies are either required to have it or are doing it as part of best practice, people are running into the problem of how to shop for penetration testing. But what makes a good penetration testing company and how do you compare companies? What should […]
