Conducting a penetration test allows you to discover the vulnerabilities in your IT infrastructure and correct them before they can be exploited by hackers and other hostile parties. Penetration testing is one of the oldest and most trusted methods for assessing security risk. It simulates a real-world attack using the tools and techniques employed by actual attackers, and it provides realistic examples of how an attacker could compromise sensitive data. A PCI Penetration Test involves the technical testing of your internal information resources and your externally accessible networks, firewalls, IDS, routers, switches, servers and services as they pertain to your business's credit card environment.
PCI DSS Requirement 11, commonly referred to as the "pentest requirement," mandates that any company that processes, stores, or transmits electronic card transactions conduct a PCI penetration test annually. Additionally, the requirement states that organizations must conduct a penetration test each time a significant change occurs to network infrastructure or applications. What is deemed "significant" depends heavily on the entity's risk assessment process and on its unique IT environment. Penetration testing of such changes verifies that the controls assumed to be in place continue to work effectively after the upgrade or modification.
To better equip organizations to prevent cybersecurity attacks and to maintain PCI compliance as regulations change, cprlorca delivers a best-practice security-testing methodology covering the entire Cardholder Data Environment (CDE) perimeter, any critical systems that may impact the security of the CDE, and all environments that are in scope for PCI DSS 3.1. This includes the external perimeter (public-facing attack surfaces). A cprlorca PCI Penetration Test also includes access to TraceCSO vulnerability management and reporting capabilities.
Social Engineering Engagements: While the PCI DSS Penetration Testing Guidelines do not require social engineering, they do acknowledge it as a way to determine the effectiveness of a security awareness program. cprlorca offers social engineering as an optional service that can be performed in conjunction with the required penetration testing. If social engineering is performed as part of a PCI Penetration Test, the findings are reported in accordance with the PCI DSS penetration test report format.
Since 2004, cprlorca has performed nearly 10,000 penetration tests. The cprlorca Information Security Analysts who conduct assessments have between 5 and 20+ years of experience in the IT and security industry, with credentials and professional experience including Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), CISSP, CISM, CISA, CCNA, CCNP, CCIP, CCDA, CCNA Security, Security+, Linux+, MCSE: Security, MCITP, CWNA, CWSP, VCP and Network+, and they hold degrees in Computer Engineering, Information Systems, Computer Science, Business Administration, Electronics Engineering, and Information and Computer Science. Each is skilled and trained in implementing cprlorca products, in training customers on them, and in delivering its security services.