PCI DSS 2

The PCI DSS version 2.0 (PCI SSC, 2010) requires that external and internal
penetration testing be completed at least annually, and again after any significant
change to the environment.

The Payment Card Industry Data Security Standard, introduced in 1999, is a
rigorous set of prescriptive requirements aimed at securing systems that handle credit
card numbers. The majority of organisations are overwhelmed by the cost of compliance.
Performing security specialist tasks such as formal risk assessment,
incident handling, alert monitoring and penetration testing is often over and above the
regular duties of the in-house I.T. staff. Maintaining a security team with the capabilities
to perform these tasks can be expensive and is considered out of reach for many small and
medium organisations. Smaller organisations with smaller I.T. budgets often need to find
ways of lowering the cost of achieving compliance. Penetration testing, in particular, can
be an expensive activity to commission, whether from an internal team or an external
provider. Considering that a clean penetration test report is a requirement of PCI DSS,
an organisation may need to perform a number of rounds of testing before it achieves a
clean report, raising costs again.

Pentest Details in Numbers

13 Categories
223 Check Points
94 Critical Controls