Penetration Testing for my Network

I have a small network that is in need of PCI compliance,

and need to have a penetration test done.

Looking for help with this service, and also whether they have a reseller program.

Cjoego
Joseph Salazar, Vice President - Senior IT Consultant, asked:
Gareth Tomlinson CISSP, Network and Security Manager, commented:
Where are you based?
madunix commented:
securitymetrics.com is one; they are good and recommended by many payment gateways.
btan, Exec Consultant, commented:
A service from a CESG CHECK, CREST, PCI QSA and PCI ASV approved company is worth considering; below are candidates:
http://www.procheckup.com/
https://www.randomstorm.com/services/pci-asv/
http://www.nettitude.co.uk/pci-qsa-services/

Tool-wise, for a self-run check there are PCI templates to guide you if you need a self-check,
e.g. Security-Assessment.com recommends QualysGuard (vulnerability test tool):
http://www.security-assessment.com/page/vulnerability-assessment.htm

Note that for PCI DSS compliance you MUST run quarterly audits. If you store CC data you should be compliant, even if not accessing it directly (PCI compliance is required for handling of CC data; this includes storing/transmitting). Hence it may be worth engaging a service on a long-term basis as a more cost-effective means, or else building an internal team, for which time and resources may not be favourable.

The scope of a vulnerability management service should minimally include a process to review reports, analyze results for false/true positives, define actionable items, prioritize items, determine remediation/mitigation paths for each item, etc.

Of course there are more candidates with tools:
http://www.comodo.com/e-commerce/compliance/pci-compliance.php
http://www.alienvault.com/solutions/pci-dss-internal-vulnerability-scan

But it is good to note the below:
https://www.braintreepayments.com/blog/vulnerability-and-security-assessment-scans-for-pci-dss-compliance

3. How much do scanning services cost?
ControlScan: "Scanning services can range from $15 to $40 a month. One thing to keep in mind is that becoming PCI Compliant is more than just a scan. The PCI DSS is a set of 12 requirements that focus on specific areas of security. When evaluating which scanning vendor to use, do not assume that because you purchase a less expensive PCI scan that you are compliant."

SecurityMetrics: "Most merchants will pay $139.99 per year for full service PCI quarterly scanning and remediation help on all issues related to compliance including security policies and questionnaire assistance. The price is reduced as the IP count increases."
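As an added illustration of the review/analyze/prioritize process described in the comment above (example code written for this page, not part of the original thread or any vendor's tooling), the small Python script below triages a set of scan findings against the PCI ASV Program Guide rule that any finding with a CVSS base score of 4.0 or higher makes the external scan fail unless it is accepted as a false positive. The hosts, finding titles, scores and notes are constructed sample data, not real scan output.

```python
from dataclasses import dataclass

# PCI ASV Program Guide: a finding with CVSS base score 4.0 or higher makes the
# quarterly external scan a failure unless the ASV accepts it as a false
# positive (with evidence) or a compensating control is documented.
ASV_FAIL_CVSS = 4.0


@dataclass
class Finding:
    host: str
    title: str
    cvss: float
    false_positive: bool = False  # set during manual analysis, with evidence
    note: str = ""                # why it is a false positive, or how to fix it


# Constructed sample findings (not real scan output); addresses are from the
# documentation range 203.0.113.0/24.
SAMPLE_FINDINGS = [
    Finding("203.0.113.10", "TLS 1.0 enabled on HTTPS service", 6.5,
            note="disable TLS 1.0/1.1 in the web server configuration"),
    Finding("203.0.113.10", "Web server version disclosure", 5.0,
            note="suppress the Server header / ServerTokens Prod"),
    Finding("203.0.113.11", "OpenSSL version reported as vulnerable", 7.5,
            false_positive=True,
            note="distribution backport; submit package changelog as evidence"),
    Finding("203.0.113.12", "ICMP timestamp response", 2.1,
            note="filter ICMP type 13 at the edge"),
]


def triage(findings):
    """Apply the review steps: drop analysed false positives, split what is
    left into ASV-failing blockers and informational items, order the
    blockers by severity and group them by host for the remediation owner.
    Returns a dict the reviewer can turn into an action list."""
    disputed = [f for f in findings if f.false_positive]
    live = [f for f in findings if not f.false_positive]
    failing = sorted((f for f in live if f.cvss >= ASV_FAIL_CVSS),
                     key=lambda f: f.cvss, reverse=True)
    informational = [f for f in live if f.cvss < ASV_FAIL_CVSS]
    by_host = {}
    for f in failing:
        by_host.setdefault(f.host, []).append(f)
    return {
        "passes_asv": not failing,
        "blockers": failing,
        "blockers_by_host": by_host,
        "informational": informational,
        "disputed": disputed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS)
    print("ASV pass:", result["passes_asv"])
    for host, items in result["blockers_by_host"].items():
        for f in items:
            print(f"FAIL {host} CVSS {f.cvss:>4} {f.title} -> {f.note}")
    for f in result["disputed"]:
        print(f"FP   {f.host} {f.title} -> {f.note}")
    for f in result["informational"]:
        print(f"INFO {f.host} CVSS {f.cvss:>4} {f.title} -> {f.note}")
```

The point of keeping the disputed findings in the output rather than silently dropping them is that an ASV will not accept a false-positive claim without evidence, so the note on each disputed item is what goes into the dispute, not just the flag.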


Rich Rumble, Security Samurai, commented:
You need to have a 3rd-party, PCI-accredited scanning company scan quarterly. The PCI Council site has a list of approved vendors.
https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php
Make sure you are in fact bound by PCI, however; many companies think they are, but they aren't keeping the data or are redirecting to a 3rd party. Just because you allow purchases doesn't mean you are bound to PCI. I'm sure you wouldn't ask the question, but it's happened to me a few times this week alone :) If PayPal or someone else is the shopping cart for your site, then the compliance is mostly on them, the 3rd party.
-rich
Joseph Salazar, Vice President - Senior IT Consultant (author), commented:
Hashemite, we are in Orange County.
Joseph Salazar, Vice President - Senior IT Consultant (author), commented:
Wow!!!! Lots to choose from.

Thank you everybody.

Cjoego