Penetration Testing for my Network

Posted on 2014-08-11
Last Modified: 2014-08-20
I have a small network that is in need of PCI compliance and need to have a penetration test done.

Looking for help with this service, and also whether they have a reseller program.

Question by:Joseph Salazar

Expert Comment

by:Gareth Tomlinson CISSP
ID: 40255044
Where are you based?

Expert Comment

ID: 40255294
securitymetrics.com is one; they are good and recommended by many payment gateways.

Accepted Solution

btan earned 1332 total points
ID: 40255667
A service from a CESG CHECK, CREST, PCI QSA & PCI ASV approved company is worth considering; below are candidates.

Tools-wise, for a self-run check there are PCI templates per se to guide you if you need a self check, e.g. Security-Assessment.com recommends QualysGuard (vulnerability test tool).

Note that for PCI DSS compliance you MUST run quarterly audits. If you store CC data you should be compliant, even if not accessing it directly (PCI compliance is required for handling of CC data; this includes storing/transmitting). Hence it may be worth engaging a service on a long-term basis as a more cost-effective means ... else build an internal team, for which time and resources may not be favourable.

The scope of a vulnerability management service should minimally include processes to review reports, analyze results for false/true positives, define actionable items, prioritize items, determine remediation/mitigation paths for each item, etc.

Of course there are more candidates with the tool, but it is good to note the below:

3. How much do scanning services cost?
ControlScan: "Scanning services can range from $15 to $40 a month. One thing to keep in mind is that becoming PCI Compliant is more than just a scan. The PCI DSS is a set of 12 requirements that focus on specific areas of security. When evaluating which scanning vendor to use, do not assume that because you purchase a less expensive PCI scan that you are compliant."

SecurityMetrics: "Most merchants will pay $139.99 per year for full service PCI quarterly scanning and remediation help on all issues related to compliance including security policies and questionnaire assistance. The price is reduced as the IP count increases."

Assisted Solution

by:Rich Rumble
Rich Rumble earned 668 total points
ID: 40255994
You need to have a 3rd-party, PCI-accredited scanning company do a quarterly scan. The PCI Council site has a list of approved vendors.
Make sure you are in fact bound by PCI, however; many companies think they are, but they aren't keeping the data or are redirecting to a 3rd party. Just because you allow purchases doesn't mean you are bound to PCI. I'm sure you wouldn't ask the question, but it's happened to me a few times this week alone :) If PayPal or someone else is the shopping cart for your site, then the compliance is mostly on them, the 3rd party.

Author Comment

by:Joseph Salazar
ID: 40257485
Hashemite, we are in Orange County.

Assisted Solution

btan earned 1332 total points
ID: 40257584

Author Closing Comment

by:Joseph Salazar
ID: 40274511
Wow!!!! Lots to choose from.

Thank you everybody.
