Thursday, 8 April 2010

Who Should Handle Your PCI Penetration Testing?

Larger organisations usually prefer to outsource these requirements to an organisation that can deliver comprehensive, independent results and that is wholly focused on the delivery of these professional services, and many believe this is best accomplished by seeking the services of a firm which specialises in this field. Penetration testing should not be conducted only to meet compliance obligations. What this testing should do is lead to an improved security posture.

An organisation's requirement to administer a yearly external and internal penetration test that also includes application testing is covered by PCI DSS Requirement 11.3. This differs from the PCI DSS 11.2 requirement, which deals with an organisation's obligation to run internal and external vulnerability scans quarterly; these must be run internally or by an ASV (Approved Scanning Vendor), respectively. Each of these activities must also be performed either when changes take place in the organisation's applications, network and infrastructure (including upgrades) or at the mandated intervals.

From a technical perspective there are key differences in these requirements as well. While a vulnerability assessment only identifies and reports issues, the penetration test tries to take advantage of the vulnerabilities by exploiting them, in order to determine the magnitude of each issue and its full business impact. The penetration test must include application-layer tests, and it is more manual and comprehensive than the vulnerability scans.

According to the guidance supplied by the PCI SSC, the yearly penetration test does not need to be conducted by a party external to the organisation; however, the testing needs to be completed by a party that is well qualified and organisationally separate from the management of the systems being tested. All in-scope locations should be included in the penetration test, and the test should be appropriate for the size and intricacy of the organisation. Results from either black-box or white-box penetration testing approaches should be documented, with all systems and networks in the cardholder data environment included in the scope of the testing. Smaller organisations that have only limited resources could have some difficulty in demonstrating their adherence to these requirements.
