controlgap.com

Posts by: Halli Goodman

The 3 Approaches to Penetration Testing for PCI DSS

Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS 11.3, are a case in point. This article will help those of you who are seeking compliance know what is expected and guide you in the right direction. Specifically, we will look at what penetration testing is, how to perform penetration tests, the different types of penetration tests, and what you need to get out of penetration testing to be successful.


PCI DSS: Guide to Effective Daily Log Monitoring

Despite the widespread adoption of logging as part of operational security practices, organizations continue to be challenged in harnessing the value of effective log monitoring. Statistics indicate that the average elapsed time between the first intrusion and detection of the compromise is a whopping 167 days. Improvements in technology have allowed malicious individuals to vastly improve their craft.
