Quote:
Originally Posted by Wayne at Pelican Parts
Firstly, the HackerSafe people do back up their logo with good scanning. They emulate hacker attacks on the servers all the time - to the point where it is very annoying sometimes, and they actually bring stuff down (mostly through Denial-Of-Service type events).
|
This is still only relevant to a specific point in time, i.e. which vulnerabilities are known today that they can check for right now. Are they also constantly developing new intrusion methods? Re-running the same attacks over and over again is pretty much futile; the chances of certain ports etc. magically opening up are pretty slender.
Even then, all this certifies is that your s/w & n/w were defensible at a given point in time from a specific perspective. It's entirely possible that there's a keylogger on one or more internal machines, sending data to a server in the Ukraine.
Quote:
The service is also coupled with something called PCI and CISP, which you are required to adopt if you want to accept and process credit cards. Pelican is PCI and CISP compliant.
|
How is compliance checked/tracked? Is it audited?
I suffered through an IT HIPAA audit a while back, and I doubt that PCI/CISP are as stringent as that.