PCI-DSS vs ISO 27001

The objective for both standards is to secure and manage company information, but they do so in different ways and to different extents.

Penetration Testing Guidelines and Best Practices – Part 1

What does PCI DSS say about penetration testing? PCI DSS does provide some guidelines on penetration testing. What the PCI standard explicitly mandates about penetration testing is illustrated in Requirement 11.3, requiring organizations to perform annual penetration tests that would mainly: While the composition of the network layer tests is left to the discretion of the […]