PCI DSS Compliance
The twelve requirements of the Payment Card Industry Data Security Standard (PCI DSS) include a number of mandatory testing requirements. In outline these are:
- Quarterly Requirement:
  - Requirement 11.1 - Test for the presence of wireless access points
  - Requirement 11.2 - Internal and external network vulnerability scans
- Annual Requirement:
  - Requirement 6.6 - Web application vulnerability testing
  - Requirement 11.3 - External and internal penetration tests annually and after any significant infrastructure or application upgrade or modification (including network-layer and application-layer tests)
commissum is able to provide a full range of services to cover all PCI DSS testing and scanning requirements. The standard prescribes that annual testing of applications and infrastructure must be conducted by personnel who are “organisationally separate from the management of the environment being tested” and “qualified”. As a long-standing independent provider of penetration testing services and a CREST member company, commissum is ideally placed to fulfil the stringent requirements of PCI DSS for any organisation seeking compliance with the standard.
“We have been working with commissum for over five years on both rolling service contracts and ad hoc projects. We've found them extremely helpful and flexible in tailoring services to meet our requirements which, owing to the nature of our business, change frequently at short notice. Their staff are always professional, friendly and a pleasure to work with.”
Mark S, Head of IT - National Television Broadcaster


