PCI DSS Testing

Regular testing of your network infrastructure and applications is a critical activity for ongoing assurance that your network remains safe, and that your investment in perimeter controls is yielding the expected return.

commissum provides a comprehensive range of internal and external network and application testing services, as well as cost-effective vulnerability assessments in between these detailed tests.

PCI DSS Compliance

The twelve requirements of the Payment Card Industry Data Security Standard (PCI DSS) include a number of mandatory testing requirements. In outline these are:

  • Quarterly Requirement:
    • Requirement 11.1 - Test for the presence of wireless access points
    • Requirement 11.2 - Internal and external network vulnerability scans
  • Annual Requirement:
    • Requirement 6.6 - Web application vulnerability testing
    • Requirement 11.3 - External and internal penetration tests annually and after any significant infrastructure or application upgrade or modification (including network-layer and application layer tests)

commissum is able to provide a full range of services to cover all PCI DSS testing and scanning requirements. The standard prescribes that annual testing of applications and infrastructure must be conducted by personnel who are “organisationally separate from the management of the environment being tested” and “qualified”. As a long-standing independent provider of penetration testing services and a CREST member company, commissum is ideally placed to fulfil the stringent requirements of PCI DSS for any organisation seeking compliance with the standard.

“We have been working with commissum for over five years on both rolling service contracts and ad hoc projects. We've found them extremely helpful and flexible in tailoring services to meet our requirements which, owing to the nature of our business, change frequently at short notice. Their staff are always professional, friendly and a pleasure to work with.”

Mark S, Head of IT - National Television Broadcaster
