The PCI DSS (Payment Card Industry Data Security Standard) requires system components, processes and custom software to be frequently tested to ensure security is maintained. The testing of security controls is especially important whenever there are changes to the CDE (cardholder data environment), such as deploying new software or changing system configurations.
Payment card data is usually the primary target in attacks against commercial environments. Yet many organisations do not regularly test the security controls governing their network and Internet-facing applications, which can leave vulnerabilities for criminal hackers to exploit.
This green paper attempts to demystify security testing requirements to help organisations comply with the PCI DSS. It covers:
- The difference between vulnerability scans and penetration tests;
- How PCI DSS security testing requirements apply to your organisation;
- The importance of scanning; and
- How penetration testing fits into your PCI DSS project.