Vulnerability scanning. Mention those two words, and your IT operations staff usually shudders. Conversely, your IT audit/security staff usually start doing a happy dance (I think those guys are sadists, like Steve Martin in Little Shop of Horrors.) Love it or hate it, vulnerability scanning is required by many compliance regimens. The PCI DSS states that you have to perform vulnerability scanning quarterly, and from both an external and internal perspective. If you follow the letter of the PCI law, that’s at least eight scans a year. I would like to posit that if you’re really doing PCI vulnerability scanning correctly, it’s more like a minimum of 12 scans each year, with 16 being the better number.Read more

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

Twitter - More Posts