Penetration testing should always reflect a measured approach to tackle the problem at hand, which is to ensure your systems are resilient from criminal attack. A penetration test should do this by simulating said criminal attacks, and attempt to gain access to your systems, people and premises. The marketplace is still clouded with firms that
Tick in the Box Penetration Testing (and why it’s bad) Read More »
I was recently asked by Computer Weekly for my thoughts around the biggest threats facing us in 2014. Unfortunately my predictions are far from optimistic, as criminals begin to target individuals on an unprecedented scale. 2013 saw an alarming rise in clever spear phishing techniques that companies and ISPs were simply too slow to respond
Lock up personal data in 2014 Read More »
Read Tim’s thoughts on privacy and data protection for 2014 here.
Computer Weekly – Dec 2013 Read More »
Last remaining places are available for our December training courses, which are the first instructor-led PCI DSS v3.0 training courses available worldwide since the release of the new standard: December 5 – Introduction to PCI DSS Training Course December 5/6 – 2 day Advanced PCI DSS Training Course
PCI DSS v3.0 Training – 5/6 December, London Read More »
Selecting a penetration testing provider can be a daunting task. The industry is somewhat unregulated and other than the likes of CHECK / CREST / Tiger Scheme there are relatively few means to check your penetration testing provider is actually capable of testing your systems, infrastructure, buildings and people to sufficient depth. On one hand
Penetration Testing – Building the Business Case Read More »
Tim talks about cyber security insurance. Read more..
Computer Weekly – Oct 2013 Read More »
ControlScan, Inc. and 2-sec, Ltd. to Present “Incident Response Plan Toolkit” SIG Proposal at North American, European Payment Card Industry Community Meetings PCI Special Interest Group would improve merchants’ risk preparedness, incident handling ATLANTA and LONDON, Sept. 12, 2013 – Payment security and compliance solution provider ControlScan, Inc., and security testing, QSA, PA-QSA
2-sec and ControlScan announce Incident Response Plan Toolkit SIG Read More »
The PCI SSC announced draft changes for PCI DSS v3.0 and PA-DSS v3.0 this week. Whilst for most QSAs this shouldn’t come as a surprise, what the standard will do is offer improved guidance for those whom are self assessing, to help ensure the intent of the standard is better understood by the merchant community.
PCI DSS 3.0 Draft Changes Read More »
We’ve been doing a few data centre audits as of late, and most entities seem to think just because they have CCTV at their co-location data centres, they meet the compliance requirements of PCI DSS. You’ll note from wording that access control systems need to be MONITORED. If you’ve a data centre with a few
