ASV Certified PCI Scans

PCI DSS requires an institution to conduct periodic (in most cases, quarterly) network vulnerability scans, both internally and externally. Moreover, it is necessary to test the network after migrations, upgrades, component installations, new applications, firewall re-configurations, general network topology changes, etc. PCI compliance is achieved with Security Compliance Associates verifying that the most recent scan has a passing grade and that the institution’s testing is documented.

SCA will work with the institution's staff to develop an assessment program that meets or exceeds the PCI DSS requirements.

Because of the resource constraints an institution may encounter with the accelerated assessment schedule, Security Compliance Associates will provide timely reports that offer concise direction for remediation.

In addition to periodic vulnerability scans, it is necessary to conduct true penetration testing on an annual basis. This applies both externally and internally. Should the institution undergo significant network infrastructure change or modification, additional penetration testing is mandated, per occurrence.

The testing will include, but is not limited to, network-layer penetration testing and operating system and network application testing. Security Compliance Associates will verify the integrity of intrusion detection and prevention services, along with the associated configurations, maintenance, updates, etc. It is also necessary to verify the use of file integrity monitoring products and their results. Monitored files should include system executables, application executables, configuration and parameter files, and all centrally stored archives of log and audit files.